Configuring OAuth

You can configure OAuth by using OAuth profiles. The OAuth profile defines the URLs and keys that are required to use OAuth single sign-on with Eclipse Amlen. The OAuth profile must be associated with a security profile, and the security profile must be associated with an endpoint.

For more information about OAuth, see OAuth.

When you create an OAuth profile, you must specify the following components:
  • Name
    Specifies the name that identifies the OAuth profile.
    The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number or any of the following special characters:

    ! # $ % & ' ( ) * + - . / : ; < > ? @

  • Resource URL
    Specifies the authorization server URL that is used to validate the access token.
    The URL must include the protocol. The protocol can be http or https.

You can also specify the following components:

  • OAuth Server Certificate
    Specifies the name of the file that contains the certificate that is used to secure the connection to the authorization server.
    This parameter is known as the KeyFileName if you are using REST Administration APIs.
  • Check Server Certificate
    Available in version 5.0.0.2 and later releases. Possible options are as follows:
    Use messaging server trust store
    When connecting to the LDAP server, the certificate that is presented by the server is checked using the certificate that is uploaded to the product trust store.
    Use public trust store
    The certificate that is presented by the LDAP server is checked against the public certificates that are installed as part of the operating system.
    Disable certificate verification
    No certificate verification is performed when connecting to the LDAP server. This is an insecure option that is designed for testing purposes only.
  • Authorization Key
    Specifies the name of the key that is used to store the access token.
  • User Info URL
    Specifies the authorization server URL that is used to retrieve the user information.
    The URL must include the protocol. The protocol can be http or https.
  • User Info Key
    Specifies the name of the key that is used to retrieve the user information.
  • Group Info Key
    Specifies the name of the key that is used to retrieve the group information.
    If this parameter is specified, Eclipse Amlen does not retrieve group information from any other source.

For more information about configuring OAuth profiles by using the Amlen WebUI, see Configuring OAuth profiles by using the Amlen WebUI.

For more information about configuring OAuth profiles by using REST Administration APIs, see Creating and updating an OAuth profile by using REST Administration APIs.