...
Setting | Description | |||||
---|---|---|---|---|---|---|
Local Address | The local address that the server will bind to. If the field is left empty, the server will bind to the default address. | |||||
Port | The port the server will listen to. Default The default port is 80. | |||||
REST Server Profile | Click Browse to select a predefined REST Server Profile. The profile contains the configuration of the request URI allowed by the REST Server. For further information, see 8.16 REST Server Profile.
| |||||
Use TLS | If enabled, the communication channels will be encrypted. You must select this option for the TLS Keystore, TLS Keystore Password as well as the Enable 2-way Authentication option to be made available. | |||||
TLS Keystore | A keystore file containing the server certificate to be used with TLS. Enter the full path to a keystore file on the local or mounted disk on the execution host. | |||||
TLS Keystore Password | The password for the keystore file. | |||||
Enable 2-way Authentication | If enabled, two-way authentication is enabled for the communication channels. | |||||
2-way Truststore | Enter the full path to a truststore file on the local or mounted disk on the execution host. | |||||
2-way Truststore Password | The password for the selected truststore file. You must populate this field if you want to use a specific truststore. | |||||
Additional Certificate Validation | If enabled, the agent will perform certificate chain validation and revocation status checkchecks. You must configure the CRL (Certificate Revocation List) file path or CRLDP (Certificate Revocation List Distribution Points) if this is enabled. | |||||
CRL File Path | Path to the Certificate Revocation List (CRL) file that has been downloaded locally. Enable CRLDP will be greyed out when configuring the file path. | |||||
Enable CRLDP | Enable Certificate Revocation List Distribution Points (CRLDP) extension support. CRL File Path will be greyed out when enabling CRLDP. | |||||
Server Timeout (s) | The number of seconds before the server closes a request. If the timeout is set to 0 (zero) no timeout will occur. Default The default value is 5. |
Note |
---|
To generate the keystore file using , please refer to the 2.2.11 keytool command. |
Note |
---|
You can find the TLS hanshake handshake failed error from the EC log. You can also find the error if you have debug turned on for your workflow monitor. |
Authentication Tab
...
Setting | Description | |||||
---|---|---|---|---|---|---|
OAuth 2.0 Authentication | If enabled, the REST Server agent will check all incoming HTTP requests for access tokens and validate the access tokens. Only access tokens generated by the Authorization Server will be accepted.
| |||||
OAuth Truststore | Path to the truststore where the public key for access token validation from the OAuth2 Service is stored. Only the Java KeyStore (JKS) format is supported. Enter the full path to a truststore file on the local or mounted disk on the execution host. | |||||
OAuth Truststore Password | The password for the truststore
| |||||
JWT Public Key Alias | The alias of the key inside the truststore is to be used to access token validation. The key referred to here is the public key of the RSA key pair defined in the "jwt" configuration of the Authorization Server.
|
...
See the text in the Properties field for further information about the other properties that you can set.
You open the REST Server agent configuration dialog from a workflow configuration: you can right-click the agent icon and select Configuration..., or double-click the agent icon.
General Tab
The General tab contains settings related to the location and authentication of the REST server.
REST Server agent configuration - General tab
...
The local address that the server will bind to. If the field is left empty, the server will bind to the default address.
...
Click Browse to select a predefined REST Server Profile. The profile contains the configuration of the request URI allowed by REST Server.
For further information, see 8.16 REST Server Profile.
Note | ||
---|---|---|
| ||
If you have not select a profile, any request URI will be allowed by the REST Server agent. |
...
If enabled, the communication channels will be encrypted.
You must select this option for the TLS Keystore, TLS Keystore Password as well as the Enable 2-way Authentication option to be made available.
...
A keystore file containing the server certificate to be used with TLS.
Enter the full path to a keystore file on the local or mounted disk on the execution host.
...
If enabled, two-way authentication is enabled for the communication channels.
...
Enter the full path to a truststore file on the local or mounted disk on the execution host.
...
The password for the selected truststore file.
You must populate this field if you want to use a specific truststore.
...
Note |
---|
To generate the keystore file using , please refer to the 2.2.11 keytool command. |
Authentication Tab
The Authentication tab contains settings related to the OAuth 2.0 Authentication for the REST Server agent.
REST Server agent configuration - Authentication tab
...
If enabled, the REST Server agent will check all incoming HTTP requests for access tokens and validate the access tokens. Only access tokens generated by the Authorization Server will be accepted.
...
Note |
---|
You must select this option for the OAuth Truststore, OAuth Truststore Password and JWT Public Alias to be made available. Enable Use TLS, under the General tab, is also required if OAuth 2.0 Authentication is enabled. |
...
Path to the truststore where the public key for access token validation from the OAuth2 Service is stored. Only Java KeyStore (JKS) format is supported.
Enter the full path to a truststore file on the local or mounted disk on the execution host.
...
The password for the truststore
Note | ||
---|---|---|
| ||
All keys must have the same password as the truststore. |
...
The alias of the key inside the truststore to be used to access token validation.
The key referred here is the public key of the RSA key pair defined in the "jwt" configuration of the Authorization Server.
Note |
---|
The alias password, when configured during the construction of the truststore certificate should be the same as OAuth Truststore password. |
Advanced Tab
The Advance tab contains additional properties that can be configured for the REST Server agent.
REST Server agent configuration - Advanced tab
...
Scroll ignore | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||