You open the REST Server agent configuration dialog from a workflow configuration: you can right-click the agent icon and select Configuration..., or double-click the agent icon.
General Tab
The General tab contains settings related to the location and authentication of the REST server.
REST Server agent configuration - General tab
Setting | Description |
---|---|
Local Address | The local address that the server will bind to. If the field is left empty, the server will bind to the default address. |
Port | The port the server will listen to. Default port is 80. |
REST Server Profile | Click Browse to select a predefined REST Server Profile. The profile contains the configuration of the request URI allowed by REST Server. For further information, see 8.16 REST Server Profile. Note! If you have not select a profile, any request URI will be allowed by the REST Server agent. |
Use TLS | If enabled, the communication channels will be encrypted. You must select this option for the TLS Keystore, TLS Keystore Password as well as the Enable 2-way Authentication option to be made available. |
TLS Keystore | A keystore file containing the server certificate to be used with TLS. Enter the full path to a keystore file on the local or mounted disk on the execution host. |
TLS Keystore Password | The password for the keystore file. |
Enable 2-way Authentication | If enabled, two-way authentication is enabled for the communication channels. |
2-way Truststore | Enter the full path to a truststore file on the local or mounted disk on the execution host. |
2-way Truststore Password | The password for the selected truststore file. You must populate this field if you want to use a specific truststore. |
Additional Certificate Validation | If enabled, the agent will perform certificate chain validation and revocation status check. You must configure CRL (Certificate Revocation List) file path or CRLDP (Certificate Revocation List Distribution Points) if this is enabled. |
CRL File Path | Path to the Certificate Revocation List (CRL) file that has been downloaded locally. Enable CRLDP will be greyed out when configuring the file path. |
Enable CRLDP | Enable Certificate Revocation List Distribution Points (CRLDP) extension support. CRL File Path will be greyed out when enabling CRLDP. |
Server Timeout (s) | The number of seconds before the server closes a request. If the timeout is set to 0 (zero) no timeout will occur. Default value is 5. |
To generate the keystore file using , please refer to the 2.2.11 keytool command.
You can find the TLS hanshake failed error from the EC log. You can also find the error if you have debug turned on your workflow monitor.
Authentication Tab
The Authentication tab contains settings related to the OAuth 2.0 Authentication for the REST Server agent.
REST Server agent configuration - Authentication tab
Setting | Description |
---|---|
OAuth 2.0 Authentication | If enabled, the REST Server agent will check all incoming HTTP requests for access tokens and validate the access tokens. Only access tokens generated by the Authorization Server will be accepted. You must select this option for the OAuth Truststore, OAuth Truststore Password and JWT Public Alias to be made available. Enable Use TLS, under the General tab, is also required if OAuth 2.0 Authentication is enabled. |
OAuth Truststore | Path to the truststore where the public key for access token validation from the OAuth2 Service is stored. Only Java KeyStore (JKS) format is supported. Enter the full path to a truststore file on the local or mounted disk on the execution host. |
OAuth Truststore Password | The password for the truststore Same Password All keys must have the same password as the truststore. |
JWT Public Key Alias | The alias of the key inside the truststore to be used to access token validation. The key referred here is the public key of the RSA key pair defined in the "jwt" configuration of the Authorization Server. The alias password, when configured during the construction of the truststore certificate should be the same as OAuth Truststore password. |
Advanced Tab
The Advance tab contains additional properties that can be configured for the REST Server agent.
REST Server agent configuration - Advanced tab
See the text in the Properties field for further information about the other properties that you can set.
You open the REST Server agent configuration dialog from a workflow configuration: you can right-click the agent icon and select Configuration..., or double-click the agent icon.
General Tab
The General tab contains settings related to the location and authentication of the REST server.
REST Server agent configuration - General tab
Setting | Description |
---|---|
Local Address | The local address that the server will bind to. If the field is left empty, the server will bind to the default address. |
Port | The port the server will listen to. Default port is 80. |
REST Server Profile | Click Browse to select a predefined REST Server Profile. The profile contains the configuration of the request URI allowed by REST Server. For further information, see 8.16 REST Server Profile. Note! If you have not select a profile, any request URI will be allowed by the REST Server agent. |
Use TLS | If enabled, the communication channels will be encrypted. You must select this option for the TLS Keystore, TLS Keystore Password as well as the Enable 2-way Authentication option to be made available. |
TLS Keystore | A keystore file containing the server certificate to be used with TLS. Enter the full path to a keystore file on the local or mounted disk on the execution host. |
TLS Keystore Password | The password for the keystore file. |
Enable 2-way Authentication | If enabled, two-way authentication is enabled for the communication channels. |
2-way Truststore | Enter the full path to a truststore file on the local or mounted disk on the execution host. |
2-way Truststore Password | The password for the selected truststore file. You must populate this field if you want to use a specific truststore. |
Server Timeout (s) | The number of seconds before the server closes a request. If the timeout is set to 0 (zero) no timeout will occur. Default value is 5. |
To generate the keystore file using , please refer to the 2.2.11 keytool command.
Authentication Tab
The Authentication tab contains settings related to the OAuth 2.0 Authentication for the REST Server agent.
REST Server agent configuration - Authentication tab
Setting | Description |
---|---|
OAuth 2.0 Authentication | If enabled, the REST Server agent will check all incoming HTTP requests for access tokens and validate the access tokens. Only access tokens generated by the Authorization Server will be accepted. You must select this option for the OAuth Truststore, OAuth Truststore Password and JWT Public Alias to be made available. Enable Use TLS, under the General tab, is also required if OAuth 2.0 Authentication is enabled. |
OAuth Truststore | Path to the truststore where the public key for access token validation from the OAuth2 Service is stored. Only Java KeyStore (JKS) format is supported. Enter the full path to a truststore file on the local or mounted disk on the execution host. |
OAuth Truststore Password | The password for the truststore Same Password All keys must have the same password as the truststore. |
JWT Public Key Alias | The alias of the key inside the truststore to be used to access token validation. The key referred here is the public key of the RSA key pair defined in the "jwt" configuration of the Authorization Server. The alias password, when configured during the construction of the truststore certificate should be the same as OAuth Truststore password. |
Advanced Tab
The Advance tab contains additional properties that can be configured for the REST Server agent.
REST Server agent configuration - Advanced tab
See the text in the Properties field for further information about the other properties that you can set.