Configuring OAuth Settings
The OAuth global settings for the authorization server control whether HTTPS is required for OAuth communications. You can also specify global values for authorization code and access token expiration intervals. The expiration intervals can be set globally or configured for each individual client.
* To configure the OAuth settings
1. Open Integration Server Administrator if it is not already open.
2. In the Security menu of the Navigational Panel, click OAuth.
3. Click Edit OAuth Global Settings.
4. Complete the fields as follows:
   Field: Require HTTPS
   Description:
      Indicates whether the authorization server should require an HTTPS connection to authorize requests.
      If enabled (the default), Integration Server requires that the authorization server uses HTTPS to invoke the pub.oauth services. If disabled, Integration Server allows client applications to use HTTP to access the pub.oauth services.
      Note: If Require HTTPS is enabled and the client application accesses any of the pub.oauth services over HTTP, Integration Server issues an HTTP 500 error response to the client and writes a service exception to the error log.
      Important: You can disable Require HTTPS to simplify development, but you should use HTTPS in production in accordance with the OAuth Framework. If you do not require HTTPS, the authorization server transmits access tokens in clear text, making them vulnerable to theft.

   Field: Authorization code expiration interval
   Description:
      Specifies the length of time (in seconds) that the authorization code issued by the authorization server is valid.
      Valid values are between 1 and 2147483647. The default value is 600.

   Field: Access token expiration interval
   Description:
      Specifies the length of time (in seconds) that access tokens issued by the authorization server are valid.
      Select Never Expires to indicate that the access token never expires.
      Select Expires in and enter the number of seconds to specify the length of time that the access token is valid. The maximum value is 2147483647. The default is 3600.

   Field: Authorization server
   Description:
      If you are configuring Integration Server as a resource server, select the server that will be the authorization server. You can use an Integration Server as the authorization server or you can use an external authorization server.
      The Authorization server list displays the configured remote server aliases and external authorization server aliases that are available for use.
      If you intend to use a remote Integration Server as the authorization server and you have not already defined an alias for the authorization server, click the Authorization server link to go to the Remote Servers screen. For information about creating a remote server alias, see Setting Up Aliases for Remote Integration Servers.
      If you intend to use an external authorization server and you have not already defined an alias for the authorization server, click the Add External Authorization Server link to go to the External Authorization Server > Add screen. For information about creating an alias for an external authorization server, see Using an External Authorization Server.
      Select local if the resource server is the same Integration Server as the authorization server.
      If you are configuring Integration Server as the authorization server only, Integration Server ignores the value of this field.
5. Click Save Changes.

Copyright © 2017-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release