...

Authorization Server
enabled=false

# --------------------------------------------------------------------------------
# Storage Properties
# --------------------------------------------------------------------------------
# Only used when storage type is "database". PostgreSQL or Oracle DB only
storage.database.profile-name=<Path.DBProfileName>
storage.database.poolsize=8
# Only used when storage type is "file-based"
storage.file-based.storage-location=/path/to/file/storage
# The storage type can be either "file-based" or "database"
storage.type=file-based

# --------------------------------------------------------------------------------
# Server Properties
# --------------------------------------------------------------------------------
# Validity period in seconds for access token generated
server.access-token-expiry=1800

# --------------------------------------------------------------------------------
# Management Api Properties
# --------------------------------------------------------------------------------
management-api.enable-basic-auth=true
# HTTP Basic Authentication Password
management-api.password=<password>
# HTTP Basic Authentication Username
management-api.username=<

# --------------------------------------------------------------------------------
# JSON Web Token (JWT) Properties
# --------------------------------------------------------------------------------
jwt.key-id=jwt
jwt.key-password=<password>
jwt.keystore-location=/path/to/keystore
jwt.keystore-password=<password>
# Only RS256, RS384 and RS512 are supported
jwt.signature-algorithm=RS256


Storage

The OAuth2 Service can store provisioned scopes and registered clients into memory or persistent storage.

...

Parameter Name | Description
type

Type of storage to be used. The value can be one of the following:

file-based (Default) - The data will be stored in file-based storage.

database - The data will be stored in a database.

Info

Only PostgreSQL and Oracle databases are currently supported.


file-based.storage-location

Location of the file-based storage. It will be created if not found. Only used when storage type is set to "file-based".

Note

For fresh installs, the last path in the location should be non-existent, as the Authorization Server will create it automatically.


database.profile-name

The Database Profile Name in MZ to be used. Only used when storage type is set to "database". The value of the profile name should include the directory name as shown in the desktop UI.

Info

Example:

storage.database.profile-name=REST.PRF_DB



database.poolsize
The size of the connection pool, representing the number of database connections that are kept open and ready for use. Only used when storage type is set to "database".

Server

The server configuration for the OAuth2 Service determines where the access token endpoint is hosted and the access token expiry.

Parameter Name | Description
access-token-expiry
Validity period, in seconds, of generated access tokens.


Management API

The Management API is used to provision scopes and register clients via HTTP. Clients need to be registered before any access token can be requested.

The Management API configuration is used to configure the base endpoint in the Authorization Server that will be used to host the Management API.

For more information on the function of the Management API, refer to Management API(4.0).

Parameter Name | Description
enable-basic-auth

Enable HTTP Basic Authentication for the Management API.

Info

It is recommended to set enable-basic-auth to true, so that the list of clients and scopes is not accessible to anyone without the credentials described below.


username
Username for HTTP Basic Authentication (if enabled).
password
Password for HTTP Basic Authentication (if enabled). Must be encrypted using the "mzsh encryptpassword" command.
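
The following is an added example, not part of the product or its documentation: a small Python audit of the properties described above. It flags a Management API without Basic Authentication, a JWT algorithm outside RS256/RS384/RS512, unreplaced `<...>` placeholders, and malformed storage or expiry values. The sample file and the choice of which storage key is mandatory are assumptions.

```python
import re

ALLOWED_JWT_ALGS = {"RS256", "RS384", "RS512"}  # the only values the page lists
# Assumption: the one key each storage type cannot work without.
STORAGE_KEYS = {"file-based": "storage.file-based.storage-location",
                "database": "storage.database.profile-name"}

# Constructed sample input (not a real deployment's file).
SAMPLE = """\
storage.type=database
server.access-token-expiry=0
management-api.enable-basic-auth=false
management-api.password=<password>
jwt.signature-algorithm=HS256
"""

def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return the sorted keys whose values conflict with the page's guidance."""
    bad = [k for k, v in props.items() if v.startswith("<")]  # unfilled placeholder
    # A missing flag is reported too: the page does not state its default.
    if props.get("management-api.enable-basic-auth", "").lower() != "true":
        bad.append("management-api.enable-basic-auth")
    else:
        bad += [k for k in ("management-api.username", "management-api.password")
                if not props.get(k)]
    if props.get("jwt.signature-algorithm") not in ALLOWED_JWT_ALGS:
        bad.append("jwt.signature-algorithm")
    stype = props.get("storage.type", "file-based")  # file-based is the default
    if stype not in STORAGE_KEYS:
        bad.append("storage.type")
    elif not props.get(STORAGE_KEYS[stype]):
        bad.append(STORAGE_KEYS[stype])
    if not re.fullmatch(r"[1-9][0-9]*", props.get("server.access-token-expiry", "")):
        bad.append("server.access-token-expiry")
    return sorted(set(bad))

if __name__ == "__main__":
    for key in audit(parse_properties(SAMPLE)):
        print("review:", key)
```

The audit cannot tell whether management-api.password was produced by "mzsh encryptpassword", because the encrypted format is not shown on this page; that check remains manual.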


JWT

...