The Authorization Server is a service that runs on the platform. The access token that the server generates is sent back to the client from the platform.
To enable the Authorization Server, refer to the following steps:
Examine the authorization-server.properties file and ensure that all the relevant parameters and values are set correctly. The authorization-server.properties file is located in "<mz9>/etc/authorization-server/authorization-server.properties".
enabled=false
# --------------------------------------------------------------------------------
# Storage Properties
# --------------------------------------------------------------------------------
# Only used when storage type is "database". PostgreSQL or Oracle DB only
storage.database.profile-name=<Path.DBProfileName>
storage.database.poolsize=8
# Only used when storage type is "file-based"
storage.file-based.storage-location=/path/to/file/storage
# The storage type can be either "file-based" or "database"
storage.type=file-based
# --------------------------------------------------------------------------------
# Server Properties
# --------------------------------------------------------------------------------
# Validity period in seconds for access token generated
server.access-token-expiry=1800
# --------------------------------------------------------------------------------
# Management Api Properties
# --------------------------------------------------------------------------------
management-api.enable-basic-auth=true
# HTTP Basic Authentication Password
management-api.password=<password>
# HTTP Basic Authentication Username
management-api.username=<
# --------------------------------------------------------------------------------
# JSON Web Token (JWT) Properties
# --------------------------------------------------------------------------------
jwt.key-id=jwt
jwt.key-password=<password>
jwt.keystore-location=/path/to/keystore
jwt.keystore-password=<password>
# Only RS256, RS384 and RS512 are supported
jwt.signature-algorithm=RS256
The following is an example of the parameters configured according to the requirements.
enabled=true
# --------------------------------------------------------------------------------
# Storage Properties
# --------------------------------------------------------------------------------
# Only used when storage type is "database". PostgreSQL or Oracle DB only
storage.database.profile-name=<Path.DBProfileName>
storage.database.poolsize=8
# Only used when storage type is "file-based"
storage.file-based.storage-location=/Users/limyizhan/Workspace/mz9/mz-drx/mediationzone/storage/oauth2.storage
# The storage type can be either "file-based" or "database"
storage.type=file-based
# --------------------------------------------------------------------------------
# Server Properties
# --------------------------------------------------------------------------------
# Validity period in seconds for access token generated
server.access-token-expiry=1800
# --------------------------------------------------------------------------------
# Management Api Properties
# --------------------------------------------------------------------------------
management-api.enable-basic-auth=true
# HTTP Basic Authentication Password
management-api.password=DR-4-6912EB66E4E5FDF6035DBF848195669A
# HTTP Basic Authentication Username
management-api.username=mzadmin
# --------------------------------------------------------------------------------
# JSON Web Token (JWT) Properties
# --------------------------------------------------------------------------------
jwt.key-id=selfsigned
jwt.key-password=DR-4-6912EB66E4E5FDF6035DBF848195669A
jwt.keystore-location=/Users/limyizhan/Downloads/keystore_server.jks
jwt.keystore-password=DR-4-6912EB66E4E5FDF6035DBF848195669A
# Only RS256, RS384 and RS512 are supported
jwt.signature-algorithm=RS256
Start up the platform to enable the Authorization Server.
$ mzsh startup platform
To enable HTTPS for the Authorization Server, refer to HTTP Encryption.
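A pre-start check for the authorization-server.properties file examined in the first step, as an added example that is not part of the product or its documentation: it flags template placeholders left in place, an unsupported jwt.signature-algorithm, and missing settings for the selected storage type. It assumes plain key=value lines with '#' comment lines; parse_properties, check_properties and SAMPLE are hypothetical names.

```python
# Added example (not product code): lint authorization-server.properties before
# "mzsh startup platform". Assumes key=value lines and '#' comment lines.
SUPPORTED_ALGS = {"RS256", "RS384", "RS512"}  # stated in the file's comments
STORAGE_KEYS = {"file-based": "storage.file-based.storage-location",
                "database": "storage.database.profile-name"}

def parse_properties(text):
    """Return key -> value, skipping blank lines and '#' comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_properties(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    p, findings = parse_properties(text), []
    if p.get("enabled") != "true":
        findings.append("enabled is not true")
    required = ["jwt.key-id", "jwt.key-password", "jwt.keystore-location",
                "jwt.keystore-password"]
    storage = p.get("storage.type")
    if storage in STORAGE_KEYS:  # only the selected backend's setting is used
        required.append(STORAGE_KEYS[storage])
    else:
        findings.append("storage.type must be file-based or database")
    if p.get("management-api.enable-basic-auth") == "true":
        required += ["management-api.username", "management-api.password"]
    for key in required:
        value = p.get(key, "")
        if not value:
            findings.append(f"{key} is not set")
        elif "<" in value or value.startswith("/path/to/"):
            findings.append(f"{key} still holds a template placeholder")
    if p.get("jwt.signature-algorithm") not in SUPPORTED_ALGS:
        findings.append("jwt.signature-algorithm must be RS256, RS384 or RS512")
    expiry = p.get("server.access-token-expiry", "")
    if not expiry.isdecimal() or int(expiry) == 0:
        findings.append("server.access-token-expiry must be a positive integer")
    return findings

# Constructed sample: template values left in place, unsupported algorithm.
SAMPLE = """enabled=true
storage.type=file-based
storage.file-based.storage-location=/path/to/file/storage
management-api.enable-basic-auth=true
jwt.key-id=jwt
jwt.signature-algorithm=HS256
"""
if __name__ == "__main__":
    print("\n".join(check_properties(SAMPLE)))
```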