System administrators can copy a key file to Eclipse Amlen to use in an OAuth profile by using the Eclipse Amlen REST API PUT method. System administrators can create an OAuth profile, or update an existing one, by using the Eclipse Amlen REST API POST method.
You can create or update an OAuth profile by using REST Administration APIs, or by using the Amlen WebUI. For more information about using the Amlen WebUI to create an OAuth profile, see Configuring OAuth profiles by using the Amlen WebUI.
- Optional: Import a key file to use to secure the connection to the authorization server by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:
  http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>
  The certificate is copied to /var/lib/amlen-server/userfiles
- To create or update an OAuth profile, use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:
  http://<admin-endpoint-IP:Port>/ima/v1/configuration/
- Provide OAuthProfile object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.
{
  "OAuthProfile": {
    "<NameOfOAuthProfile>": {
      "ResourceURL": "string",
      "KeyFileName": "string",
      "AuthKey": "string",
      "UserInfoURL": "string",
      "UserInfoKey": "string",
      "GroupInfoKey": "string",
      "TokenSendMethod": "URLParam" (default)|"HTTPHeader",
      "Overwrite": true|false
    }
  }
}
Where:
- NameOfOAuthProfile
  - Required.
  - Specifies a name for the OAuth profile.
  - The name can be a maximum of 256 alphanumeric characters. The first character must not be a number.
  - After the profile is created, this name cannot be changed.
- ResourceURL
  - Required if you are creating an OAuth profile.
  - Specifies the authorization server URL that is used to validate the access token.
  - The URL must include the protocol. The protocol can be either http or https.
- KeyFileName
  - Specifies the name of the key file (certificate for the OAuth Server) to use with this OAuth profile. The file must exist on Eclipse Amlen in the following path: /var/messagesight/data/certificates/OAuth/.
  - The name can be a maximum of 255 alphanumeric characters. The first character must not be a number.
- CheckServerCert
  - Available in version 5.0.0.2 and later releases. Possible options are as follows:
  - TrustStore
    - When connecting to the LDAP server, the certificate that is presented by the server is checked using the certificate that is uploaded to the product trust store.
  - PublicTrust
    - The certificate that is presented by the LDAP server is checked against the public certificates that are installed as part of the operating system.
  - DisableVerify
    - No certificate verification is performed when connecting to the LDAP server. This is an insecure option that is designed for testing purposes only.
- AuthKey
  - Specifies the name of the key that is used to store the access token.
  - The default value is access_token.
- UserInfoURL
  - Specifies the authorization server URL that is used to retrieve the user information.
  - The URL must include the protocol. The protocol can be either http or https.
- UserInfoKey
  - Specifies the name of the key that is used to store the user information.
  - The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs.
- GroupInfoKey
  - Specifies the name of the key that is used to retrieve the group information.
  - The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs.
  - If this parameter is specified, Eclipse Amlen does not retrieve group information from any other source.
- TokenSendMethod
  - Specifies how an access token is included in the request to a Resource URL either as a parameter in the URL (the default) or as an HTTP Header in the request.
  - The AuthKey setting determines the name of the URL parameter or the HTTP Header.
- Overwrite: true|false
  - Specifies whether an existing certificate and key are overwritten if they have the same name.
  - The default value is false which means that an existing certificate and key are not overwritten if they have the same name.
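The parameter rules above can be checked before a payload is sent to the configuration URI. The following is an added example, not code from the Eclipse Amlen project: the function name lint_oauth_profile and the second sample payload are hypothetical and constructed for illustration, and the rules are transcribed from the parameter list on this page.

```python
import re
from urllib.parse import urlsplit

# Rules below are transcribed from the parameter list on this page.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,255}\Z")  # <=256 alphanumerics, no leading digit
BAD_KEY_RE = re.compile(r'[\x00-\x1f\x7f,"\\=]')        # control chars , " \ =
SEND_METHODS = ("URLParam", "HTTPHeader")
CERT_CHECKS = ("TrustStore", "PublicTrust", "DisableVerify")

def lint_oauth_profile(payload, creating=True):
    """Return (errors, warnings) for an OAuthProfile payload given as a dict."""
    errors, warnings = [], []
    for name, cfg in payload.get("OAuthProfile", {}).items():
        if not NAME_RE.match(name):
            errors.append(f"{name}: name must be 1-256 alphanumerics and not start with a digit")
        if creating and "ResourceURL" not in cfg:
            errors.append(f"{name}: ResourceURL is required when creating a profile")
        for key in ("ResourceURL", "UserInfoURL"):
            if key not in cfg:
                continue
            scheme = urlsplit(cfg[key]).scheme.lower()
            if scheme not in ("http", "https"):
                errors.append(f"{name}: {key} must include the http or https protocol")
            elif scheme == "http":
                warnings.append(f"{name}: {key} is plain http; requests to it are not encrypted")
        for key in ("UserInfoKey", "GroupInfoKey"):
            val = cfg.get(key)
            if val is not None and (val != val.strip() or BAD_KEY_RE.search(val)):
                errors.append(f"{name}: {key} has leading/trailing spaces or a forbidden character")
        method = cfg.get("TokenSendMethod", "URLParam")  # URLParam is the documented default
        if method not in SEND_METHODS:
            errors.append(f"{name}: TokenSendMethod must be one of {SEND_METHODS}")
        elif method == "URLParam":
            warnings.append(f"{name}: URLParam puts the token in the request URL, where access logs can capture it")
        check = cfg.get("CheckServerCert")
        if check is not None and check not in CERT_CHECKS:
            errors.append(f"{name}: CheckServerCert must be one of {CERT_CHECKS}")
        elif check == "DisableVerify":
            warnings.append(f"{name}: DisableVerify turns off certificate verification (testing only)")
    return errors, warnings

# Payload from the page's cURL example, plus a constructed payload that breaks several rules.
PAGE_EXAMPLE = {"OAuthProfile": {"MyOAuthProfile": {"ResourceURL": "http://myOAuthexample.com/home.jsp"}}}
CONSTRUCTED_BAD = {"OAuthProfile": {"1prof": {
    "ResourceURL": "auth.example.invalid/validate", "GroupInfoKey": "a=b",
    "TokenSendMethod": "HTTPHeader", "CheckServerCert": "DisableVerify"}}}

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, CONSTRUCTED_BAD):
        errs, warns = lint_oauth_profile(sample)
        print("errors:", errs, "\nwarnings:", warns)
```

Pass creating=False when the payload updates an existing profile, because ResourceURL is required only on creation.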
You can check that the configuration of your OAuth profile is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about the GET method, see Viewing configuration details of objects that can be named by using REST Administration APIs.
The following example shows the creation of an OAuth profile named MyOAuthProfile by using cURL:
curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{
    "OAuthProfile": {
      "MyOAuthProfile": {
        "ResourceURL": "http://myOAuthexample.com/home.jsp"
      }
    }
  }
  ' \
  http://127.0.0.1:9089/ima/v1/configuration/
The following shows an example response to the POST method.
{
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}