...

To enable the Authorization Server, take the following steps.

  1. Use the mzsh mzadmin/dr topo command to create a new Service Context, which will be attached to oauth2.

    mzsh mzadmin/dr topo set topo://container:<container name>/pico:<sc name> '{
        template:mz.standard-sc
        config.properties {
            mz.servicehost.natures:"<startup-natures>"
            mz.servicehost.port.range:"<port range>"
        }
    }'

    See the example below where the service context is named sc4.

    Example - Creating the Service Context

    mzsh mzadmin/dr topo set topo://container:main1/pico:sc4 '{
        template:mz.standard-sc
        config.properties {
            mz.servicehost.natures: oauth2
            mz.servicehost.port.range:"6001-6050"
        }
    }'



  2. Use the mzsh mzadmin/dr topo command to add the authorization service as shown below. You must specify a name for the authorization service, e.g. oauth2-instance.

    mzsh mzadmin/dr topo set topo://services:custom/obj:oauth2 '{
        oauth2-instance {
            template: "1/standard/basic"
            config {
                jwt {
                    key-id=jwt
                    key-password="DR_DEFAULT_KEY-xxxxx"
                    keystore-location="/path/to/keystore"
                    keystore-password="DR_DEFAULT_KEY-xxxxx"
                    # Only RS256, RS384 and RS512 are supported
                    signature-algorithm=RS256
                }
                management-api {
                    # Management Web API base URI
                    base-uri="/api"
                    enable-basic-auth=false
                    # HTTP Basic Authentication password
                    password="DR_DEFAULT_KEY-xxxxx"
                    # HTTP Basic Authentication username
                    username=mzadmin
                }
                sc=sc4
                server {
                    # Validity period in seconds of the generated access token
                    access-token-expiry=1800
                    # Endpoint for requesting an access token
                    access-token-uri="/token"
                    host=localhost
                    port=10000
                }
                tls {
                    enable-tls=false
                    enable-two-way-authentication=false
                    # Configure the keystore if using TLS
                    keystore-location="/path/to/keystore"
                    keystore-password="DR_DEFAULT_KEY-xxxxxxx"
                    # Configure the truststore if using two-way authentication
                    truststore-location="/path/to/truststore"
                    truststore-password="DR_DEFAULT_KEY-xxxxxxx"
                }
                storage {
                    database {
                        # Only used when the storage type is "database"
                        profile-name="<Path.DBProfileName>"
                    }
                    file-based {
                        # Only used when the storage type is "file-based"
                        storage-location="/path/to/file/storage"
                    }
                    # The storage type can be either "file-based" or "database"
                    type=file-based
                }
            }
        }
    }'

    See the example below, where the authorization service is named oauth2-instance.

    Example - Adding the Authorization Server service

    mzsh mzadmin/dr topo set topo://services:custom/obj:oauth2 '{
        oauth2-instance {
            template: "1/standard/basic"
            config {
                jwt {
                    key-id=jwt
                    key-password=DR_DEFAULT_KEY-A051F3C63B3D70DD3053CE156B9D38DA
                    keystore-location="/home/mzadmin/keystore/auth-server/auth.jks"
                    keystore-password=DR_DEFAULT_KEY-A051F3C63B3D70DD3053CE156B9D38DA
                    # Only RS256, RS384 and RS512 are supported
                    signature-algorithm=RS256
                }
                management-api {
                    # Management Web API base URI
                    base-uri="/api"
                    enable-basic-auth=false
                    # HTTP Basic Authentication password
                    password="DR_DEFAULT_KEY-A051F3C63B3D70DD3053CE156B9D38DA"
                    # HTTP Basic Authentication username
                    username=mzadmin
                }
                sc=sc4
                server {
                    # Validity period in seconds of the generated access token
                    access-token-expiry=1800
                    # Endpoint for requesting an access token
                    access-token-uri="/token"
                    host=0.0.0.0
                    port=7000
                }
                tls {
                    enable-tls=false
                    enable-two-way-authentication=false
                    keystore-location="/home/mzadmin/keystore/tls/server.jks"
                    keystore-password=DR_DEFAULT_KEY-6912EB66E4E5FDF6035DBF848195669A
                    # Configure the truststore if using two-way authentication
                    truststore-location="/home/mzadmin/keystore/tls/server.ts.jks"
                    truststore-password=DR_DEFAULT_KEY-FEFEACE4D2E2DD5E78CE6CCC322E2DDC
                }
                storage {
                    database {
                        # Only used when the storage type is "database"
                        profile-name="Default.DBProfile"
                        poolsize=8
                    }
                    file-based {
                        # Only used when the storage type is "file-based"
                        storage-location="/home/mzadmin/oauth2.storage"
                    }
                    # The storage type can be either "file-based" or "database"
                    type="file-based"
                }
            }
        }
    }'



  3. Start the SC(s) and then start the authorization server:

    $ mzsh startup platform sc4
    $ mzsh mzadmin/dr service start --scope custom
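The service definition in step 2 carries several settings a reviewer should look at before the server is reachable from anything but localhost: enable-tls, the bind address in server.host, enable-basic-auth on the management API, the signature algorithm, and whether the password fields hold the DR_DEFAULT_KEY- form the examples use. The following is an added example, not code from the product or its documentation: a small Python linter that parses a definition of the shape shown above (only the syntax the examples use: nested `key {` blocks, `key=value` or `key: value`, `#` comments) and reports those settings. The sample definition is constructed from the example above with the secrets replaced by placeholders; the DR_DEFAULT_KEY- check and the `harden` helper are this example's own assumptions.

```python
"""Lint an Authorization Server definition of the shape passed to
`mzsh mzadmin/dr topo set topo://services:custom/obj:oauth2 '{ ... }'`
for settings a reviewer would question before exposing the server.
Added example, not part of the product or its documentation: the parser covers
only the syntax used in the examples above; the DR_DEFAULT_KEY- check is an assumption.
"""
import re

SUPPORTED_ALGS = ("RS256", "RS384", "RS512")  # stated in the config comments above

# Constructed sample: the example definition above, trimmed, with secrets replaced.
SAMPLE = """'{
  oauth2-instance {
    template: "1/standard/basic"
    config {
      jwt {
        key-password=DR_DEFAULT_KEY-PLACEHOLDER
        keystore-location="/home/mzadmin/keystore/auth-server/auth.jks"
        keystore-password=DR_DEFAULT_KEY-PLACEHOLDER
        signature-algorithm=RS256   # only RS256, RS384 and RS512 are supported
      }
      management-api {
        base-uri="/api"
        enable-basic-auth=false
        password="DR_DEFAULT_KEY-PLACEHOLDER"
      }
      sc=sc4
      server {
        access-token-expiry=1800
        host=0.0.0.0
      }
      tls {
        enable-tls=false
        keystore-password=DR_DEFAULT_KEY-PLACEHOLDER
      }
    }
  }
}'"""

_KV = re.compile(r"^([\w.\-]+)\s*[:=]\s*(.*)$")

def parse(text: str) -> dict:
    """Parse the brace-delimited definition into nested dicts of strings."""
    body = text.strip().strip("'").strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("definition must be enclosed in { }")
    root: dict = {}
    stack = [root]
    for raw in body[1:-1].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; no '#' occurs inside values here
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith("{"):
            child: dict = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        else:
            m = _KV.match(line)
            if not m:
                raise ValueError(f"unparsable line: {raw!r}")
            stack[-1][m.group(1)] = m.group(2).strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root

def lint(defn: dict) -> list:
    """Return findings for the single named instance; an empty list means nothing to question."""
    findings = []
    (name, inst), = defn.items()
    cfg = inst["config"]
    jwt, mgmt = cfg.get("jwt", {}), cfg.get("management-api", {})
    srv, tls = cfg.get("server", {}), cfg.get("tls", {})
    tls_on = tls.get("enable-tls") == "true"
    if not tls_on:
        findings.append(f"{name}: tls.enable-tls is not true; tokens and credentials cross the wire in clear text")
    if srv.get("host") == "0.0.0.0" and not tls_on:
        findings.append(f"{name}: server.host=0.0.0.0 exposes the plaintext endpoint on every interface")
    if mgmt.get("enable-basic-auth") != "true":
        findings.append(f"{name}: management-api.enable-basic-auth is not true; {mgmt.get('base-uri', '/api')} is unauthenticated")
    if jwt.get("signature-algorithm") not in SUPPORTED_ALGS:
        findings.append(f"{name}: jwt.signature-algorithm must be one of {SUPPORTED_ALGS}")
    for section, key in (("jwt", "key-password"), ("jwt", "keystore-password"),
                         ("management-api", "password"), ("tls", "keystore-password")):
        value = cfg.get(section, {}).get(key, "")
        if value and not value.startswith("DR_DEFAULT_KEY-"):  # assumption: a plain literal is a mistake
            findings.append(f"{name}: {section}.{key} is a plain literal rather than a DR_DEFAULT_KEY- value")
    return findings

def harden(text: str) -> str:
    """Flip the two settings the linter flags in the sample: TLS on, management API authenticated."""
    return (text.replace("enable-tls=false", "enable-tls=true")
                .replace("enable-basic-auth=false", "enable-basic-auth=true"))

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE)):
        print("-", finding)
    print("after hardening:", lint(parse(harden(SAMPLE))))
```

Run against the sample, the linter reports three findings (TLS off, 0.0.0.0 bind without TLS, unauthenticated management API); after `harden` turns TLS and basic auth on, it reports none. Because the parser keeps every value as a string, the same `parse` output can be fed to further site-specific checks (for example on access-token-expiry or the storage type) without changing the parser.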


...