Security Properties
Procedure
- Select the Gateway Engine Properties from the drop-down list.
- Click the Security link:
Security Properties

Common

Anonymous Partner Name: Specifies a default partner name for unauthenticated requests.
OAuth Transport Scheme: Specifies the transport type used to connect to the TIBCO API Exchange Gateway OAuth server. The possible values are HTTP and HTTPS:
- HTTP: see OAuth HTTP Transport to set the OAuth HTTP transport settings.
- HTTPS: see OAuth WebApps SSL to set the OAuth HTTPS (SSL) transport settings.
OAuth HTTP Transport

Port: Specifies the non-SSL port number of the TIBCO API Exchange Gateway OAuth Server. The default value is 9322.
OAuth WebApps SSL

These properties are shown only if the OAuth Transport Scheme is set to HTTPS.

Host: Specifies the IP address of the TIBCO API Exchange Gateway OAuth Server.
Port: Specifies the SSL port number of the TIBCO API Exchange Gateway OAuth Server. The default value is 9333.
Use SSL: A Boolean field that indicates whether SSL is enabled for accepting HTTPS requests for the OAuth APIs and servlets. If set to true, the OAuth server accepts requests over the HTTPS transport. The default value is true.
Identity Resource: Specifies the identity resource used by the OAuthWebappsSSLConnection HTTP shared resource to provide the SSL properties for the OAuth servlets and APIs. The default value is /DefaultImplementation/SharedResources/HTTP/OAuthIdentityResource.id
Identity File Type: Specifies the type of identity resource used by the OAuthWebappsSSLConnection HTTP shared resource. The possible values are Identity File and Certificate/Private Key:
- If Identity File Type is Identity File, enter the Identity Type, Identity URL, and Identity File Password parameters.
- If Identity File Type is Certificate/Private Key, enter the Certificate URL, Key URL, and Key Password parameters.
Identity Type: Specifies the type of the keystore if Identity File Type is Identity File. The supported values are as follows:
Identity URL: Specifies the URL of the identity file used for the OAuth server SSL connection if Identity File Type is Identity File. For example, C:\keystore.jks
Identity File Password: Specifies the password of the identity file used for the OAuth server SSL connection if Identity File Type is Identity File.
Certificate URL: Specifies the URL of the certificate file used for the OAuth server SSL connection if Identity File Type is Certificate/Private Key.
Key URL: Specifies the URL of the private key file used for the OAuth server SSL connection if Identity File Type is Certificate/Private Key.
Key Password: Specifies the password of the private key used for the OAuth server SSL connection if Identity File Type is Certificate/Private Key.
Requires Client Authentication: A Boolean flag that enables or disables mutual SSL authentication on the HTTPS transport used for requests from the requestor to the OAuth server. When set to true, the Trusted Certificate Folder field becomes enabled so that you can specify a location containing the certificates of the trusted certificate authorities.
Truststore Password: Specifies the password used to access the certificates stored in the folder defined by the Trusted Certificate Folder field.
Trusted Certificate Folder: Specifies a folder containing one or more certificates from trusted certificate authorities; required for mutual SSL authentication, and therefore mandatory when Requires Client Authentication is set to true. Any client presenting a certificate that chains to a CA in this folder passes the mutual SSL check, so place only the CAs that are meant to issue client certificates here.
Portal Engine Integration Properties

Engine URL: Specifies the URL of the portal engine if used as a client. For example: http://portal_host_name:9122 where portal_host_name is the host machine running the portal engine.
General

WebApps Path

OAuth Data Space

Access Token Retention Period: Specifies the expiration time (in minutes) of an access token. The default value is 60 minutes. Once an access token passes the expiration time set by this property it is no longer valid, but it still remains in the database.
MetaSpace Name
Local Discovery URL: Specifies the discovery URL through which this OAuth instance of the metaspace discovers the current metaspace members. For example, tcp://machine1_IP_Address:6300;machine2_IP_Address:6300
Local Listen URL: Specifies the listening URL of this OAuth instance of the metaspace. For example, tcp://machine1_IP_Address:6300
Batch Size: Specifies the maximum number of entries returned when querying data such as access token details.

Properties For OAuth Persister

Persister Store: Defines the type of persistence store. You can select the type from a drop-down list. When Database is selected, you must also define the properties for the database server connection. See Database Connection Properties for OAuth Persister as Database.
Database Connection Properties for OAuth Persister as Database

Set these properties if Persister Store is set to Database.

Driver: Specifies the JDBC driver of the database used as the OAuth persistence store.
JDBC URL: Specifies the JDBC URL of the database server used as the OAuth persistence store.
JDBC User Name: Specifies the user name used to connect to the database server used as the OAuth persistence store.
JDBC Password: Specifies the password of that user.

Properties For OAuth Adapters

Resource Path Name: Specifies the directory from which the custom adapters load resources such as the properties files they use. The location is relative to ASG_HOME. For example, if the value is /examples/OAuth/resources, the custom adapter looks for its resources in the ASG_HOME/examples/OAuth/resources directory.
Owner Adapter: Specifies the class that provides the owner adapter interface. This adapter is used to authenticate the resource owner and to provide the login and access grant pages. See Owner Service Provider Interface for details.
For example, for the file-based owner adapter, the value is: com.tibco.asg.oauth.identity.provider.file.OwnerAdapterService
- The jar file that contains this adapter implementation must be placed in a directory on the classpath set in the ASG_HOME/bin/asg-engine.tra file. See Deploying Custom Adapters for details.
Client Adapter: Specifies the class that provides the client adapter interface. This adapter is used to authenticate the client and to retrieve the client attributes. See Client Service Provider Interface for details.
For example, for the file-based client adapter, the value is: com.tibco.asg.oauth.identity.provider.file.ClientAdapterService
- The jar file that contains this adapter implementation must be placed in a directory on the classpath set in the ASG_HOME/bin/asg-engine.tra file. See Deploying Custom Adapters for details.
Scope Adapter: Specifies the class that provides the scope adapter interface. This adapter is used to retrieve the scope description and the scope of a specific resource for a given owner. See Scope Service Provider Interface for details.
For example, for the file-based scope adapter, the value is: com.tibco.asg.oauth.identity.provider.file.ScopeAdapterService
- The jar file that contains this adapter implementation must be placed in a directory on the classpath set in the ASG_HOME/bin/asg-engine.tra file. See Deploying Custom Adapters for details.
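The OAuth WebApps SSL and OAuth Persister sections above describe several conditional requirements (the parameters that become mandatory for each Identity File Type, the Trusted Certificate Folder that Requires Client Authentication demands, and the JDBC settings that Persister Store = Database demands). The following pre-deployment check enforces those rules. It is an added example and not TIBCO code: the engine reads these values from its own property files, and the check models them as a plain Python dict keyed by the display names used on this page, which is an assumption rather than the engine's real property keys. The keystore type "JKS" and the JDBC driver in the sample configurations are also assumed values for illustration.

```python
"""Pre-deployment sanity check for the OAuth security properties described
on this page.  Added example, not TIBCO code.  The dict keys are the property
display names from the page, used as assumed identifiers only."""

IDENTITY_FILE = "Identity File"
CERT_KEY = "Certificate/Private Key"

# Parameters that become mandatory once an Identity File Type is chosen.
REQUIRED_BY_IDENTITY_TYPE = {
    IDENTITY_FILE: ("Identity Type", "Identity URL", "Identity File Password"),
    CERT_KEY: ("Certificate URL", "Key URL", "Key Password"),
}

# Connection parameters that become mandatory when Persister Store is Database.
REQUIRED_FOR_DATABASE = ("Driver", "JDBC URL", "JDBC User Name", "JDBC Password")


def _missing(props, names):
    """Names whose value is absent or empty."""
    return [n for n in names if not props.get(n)]


def check_oauth_ssl(props):
    """Return a list of problems with the OAuth WebApps SSL settings (empty if OK)."""
    problems = []
    if props.get("OAuth Transport Scheme") != "HTTPS":
        return problems  # the SSL properties only apply to the HTTPS scheme
    port = props.get("Port", 9333)  # page default for the SSL port
    if not (isinstance(port, int) and 0 < port < 65536):
        problems.append(f"Port must be an integer in 1-65535, got {port!r}")
    # Use SSL defaults to true; an explicit false under HTTPS means the OAuth
    # server will not accept the HTTPS requests the scheme implies.
    if props.get("Use SSL", True) is False:
        problems.append("Use SSL is false although OAuth Transport Scheme is HTTPS")
    file_type = props.get("Identity File Type")
    required = REQUIRED_BY_IDENTITY_TYPE.get(file_type)
    if required is None:
        problems.append(f"Identity File Type must be {IDENTITY_FILE!r} or {CERT_KEY!r}, got {file_type!r}")
    else:
        for name in _missing(props, required):
            problems.append(f"{name} is required when Identity File Type is {file_type!r}")
    if props.get("Requires Client Authentication") is True:
        # Mutual SSL: the engine needs the CA certificates allowed to issue client certificates.
        if not props.get("Trusted Certificate Folder"):
            problems.append("Trusted Certificate Folder is required when Requires Client Authentication is true")
    return problems


def check_oauth_persister(props):
    """Return a list of problems with the OAuth Persister settings (empty if OK)."""
    if props.get("Persister Store") != "Database":
        return []
    return [f"{name} is required when Persister Store is Database"
            for name in _missing(props, REQUIRED_FOR_DATABASE)]


def check_all(props):
    return check_oauth_ssl(props) + check_oauth_persister(props)


# Constructed sample configuration, not taken from a real deployment.
GOOD_CONFIG = {
    "OAuth Transport Scheme": "HTTPS",
    "Port": 9333,
    "Use SSL": True,
    "Identity File Type": IDENTITY_FILE,
    "Identity Type": "JKS",  # assumed keystore type value
    "Identity URL": r"C:\keystore.jks",
    "Identity File Password": "changeit",
    "Requires Client Authentication": True,
    "Trusted Certificate Folder": r"C:\asg\trusted",
    "Truststore Password": "changeit",
    "Persister Store": "Database",
    "Driver": "org.h2.Driver",  # assumed driver, for illustration only
    "JDBC URL": "jdbc:h2:tcp://dbhost:9092/oauth",
    "JDBC User Name": "asg",
    "JDBC Password": "secret",
}

# The same deployment with three common omissions: no identity file password,
# mutual SSL switched on without a trust folder, and no database password.
BAD_CONFIG = {k: v for k, v in GOOD_CONFIG.items()
              if k not in ("Identity File Password", "Trusted Certificate Folder", "JDBC Password")}


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_all(cfg) or "OK")
```

Running the script reports an empty problem list for the first configuration and three findings for the second. Because the check returns findings rather than raising, it can be wired into a deployment pipeline that refuses to start the engine until the list is empty.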