The Authorization Server is a service that runs on the platform. The Access Token it generates is sent back to the client from the platform.
To enable the Authorization Server, refer to the following steps:
Examine the authorization-server.properties file and ensure that all relevant parameters and values are set correctly. The file is located at $MZ_HOME/etc/authorization-server/authorization-server.properties. Please note that if you are using “file-based” as storage, you do not need to manually create the folder specified in storage.file-based.storage-location, as it will be automatically created during platform startup.

enabled=false

# --------------------------------------------------------------------------------
# Storage Properties
# --------------------------------------------------------------------------------
# Only used when storage type is "database". PostgreSQL or Oracle DB only
storage.database.profile-name=<Path.DBProfileName>
storage.database.poolsize=8
# Only used when storage type is "file-based"
storage.file-based.storage-location=/path/to/file/storage
# The storage type can be either "file-based" or "database"
storage.type=file-based

# --------------------------------------------------------------------------------
# Server Properties
# --------------------------------------------------------------------------------
# Validity period in seconds for access token generated
server.access-token-expiry=1800

# --------------------------------------------------------------------------------
# Management Api Properties
# --------------------------------------------------------------------------------
management-api.enable-basic-auth=true
# HTTP Basic Authentication Password
management-api.password=<password>
# HTTP Basic Authentication Username
management-api.username=<username>

# --------------------------------------------------------------------------------
# JSON Web Token (JWT) Properties
# --------------------------------------------------------------------------------
jwt.key-id=jwt
jwt.key-password=<password>
jwt.keystore-location=/path/to/keystore
jwt.keystore-password=<password>
# Only RS256, RS384 and RS512 are supported
jwt.signature-algorithm=RS256
The following is an example of parameters that have been configured according to the requirements.
enabled=true

# --------------------------------------------------------------------------------
# Storage Properties
# --------------------------------------------------------------------------------
# Only used when storage type is "database". PostgreSQL or Oracle DB only
storage.database.profile-name=<Path.DBProfileName>
storage.database.poolsize=8
# Only used when storage type is "file-based"
storage.file-based.storage-location=/Users/limyizhan/Workspace/mz9/mz-drx/mediationzone/storage/oauth2.storage
# The storage type can be either "file-based" or "database"
storage.type=file-based

# --------------------------------------------------------------------------------
# Server Properties
# --------------------------------------------------------------------------------
# Validity period in seconds for access token generated
server.access-token-expiry=1800

# --------------------------------------------------------------------------------
# Management Api Properties
# --------------------------------------------------------------------------------
management-api.enable-basic-auth=true
# HTTP Basic Authentication Password
management-api.password=DR-4-6912EB66E4E5FDF6035DBF848195669A
# HTTP Basic Authentication Username
management-api.username=mzadmin

# --------------------------------------------------------------------------------
# JSON Web Token (JWT) Properties
# --------------------------------------------------------------------------------
jwt.key-id=selfsigned
jwt.key-password=DR-4-6912EB66E4E5FDF6035DBF848195669A
jwt.keystore-location=/Users/limyizhan/Downloads/keystore_server.jks
jwt.keystore-password=DR-4-6912EB66E4E5FDF6035DBF848195669A
# Only RS256, RS384 and RS512 are supported
jwt.signature-algorithm=RS256
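The constraints stated in the comments of authorization-server.properties can be checked mechanically before the platform is started. The following is an added example, not part of the product or its documentation; the function names, the constructed TEMPLATE sample and the rule that leftover template placeholders count as unset are assumptions.

```python
import re

ALLOWED_ALGS = {"RS256", "RS384", "RS512"}  # "Only RS256, RS384 and RS512 are supported"
STORAGE_KEY = {  # the one storage property that applies to each storage.type
    "file-based": "storage.file-based.storage-location",
    "database": "storage.database.profile-name"}
# Assumption: values such as <password> or /path/to/keystore are unreplaced template text
PLACEHOLDER = re.compile(r"^<.*>$|^/path/to/")

# Constructed sample: the template defaults from this page, with the comments dropped
TEMPLATE = """enabled=false
storage.database.profile-name=<Path.DBProfileName>
storage.file-based.storage-location=/path/to/file/storage
storage.type=file-based
server.access-token-expiry=1800
management-api.enable-basic-auth=true
management-api.password=<password>
management-api.username=<username>
jwt.key-id=jwt
jwt.key-password=<password>
jwt.keystore-location=/path/to/keystore
jwt.keystore-password=<password>
jwt.signature-algorithm=RS256
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(props):
    """Return the keys whose values contradict the constraints in the file's comments."""
    storage = props.get("storage.type")
    required = ["jwt.key-id", "jwt.key-password", "jwt.keystore-location", "jwt.keystore-password"]
    if storage in STORAGE_KEY:
        required.append(STORAGE_KEY[storage])
    if props.get("management-api.enable-basic-auth") == "true":  # assumption: only needed then
        required += ["management-api.username", "management-api.password"]
    bad = [k for k in required if not props.get(k) or PLACEHOLDER.search(props[k])]
    if props.get("enabled") != "true":
        bad.append("enabled")
    if storage not in STORAGE_KEY:
        bad.append("storage.type")
    if props.get("jwt.signature-algorithm") not in ALLOWED_ALGS:
        bad.append("jwt.signature-algorithm")
    if not props.get("server.access-token-expiry", "").isdigit():
        bad.append("server.access-token-expiry")
    return bad
```

To check a real installation, pass the contents of the properties file to parse_properties and review every key that check returns.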
Start up the platform to enable the Authorization Server.
$ mzsh startup platform
To enable HTTPS for the Authorization Server, refer to HTTP Encryption.