Task 4: Configuring and Starting the Authorization Service
- Procedure
- Before starting the Authorization service, configure the application properties from the following table in the $OM_HOME/roles/authorization-service/standalone/config/application.properties file. To update the properties, you can refer to the sample file present under the $OM_HOME/samples/authorization-services directory for Oracle and PostgreSQL as per your requirement. The default values are set for PostgreSQL.

  In the case of OIDC EXTERNAL identityProviderType, update the following properties in the $OM_HOME/seed-data/app-properties/ConfigValues_Common.json file for mapping tenant, username, and user roles specific to your organization.

      {
        "propName": "tenantIdMapping",
        "propDescription": "key in the token claims that refers to tenantId",
        "propValue": "TENANTID",
        "valueType": "string",
        "isTenantProperty": "false"
      },
      {
        "propName": "userNameMapping",
        "propDescription": "key in the token claims that refers to userName",
        "propValue": "user_name",
        "valueType": "string",
        "isTenantProperty": "false"
      },
      {
        "propName": "userRoleMapping",
        "propDescription": "key in the token claims that refers to userRole",
        "propValue": "authorities",
        "valueType": "string",
        "isTenantProperty": "false"
      }

  | Category | Element | Default Value |
  |---|---|---|
  | General | server.port | 9091 |
  | | default.tenant.id | TIBCO |
  | | auth.superuser.appId | auth |
  | | auth.superuser.appKey | ENC(P2yXphz4OVM=) Note: It is a good practice to change this default value and set your own key in an encrypted value. Refer to the 'Encrypt Password Utility' section in the TIBCO® Order Management Administration guide. |
  | | allowedUserRoles | ROLE_ADMIN, ROLE_USER Note: In the case of EXTERNAL identityProviderType (OIDC), add the UserRoles specific to your organization in this property value. |
  | Actuator Endpoints Properties | management.endpoints.web.exposure.include | Health, ready, loggers |
  | Authentication Token Generation Configuration | authorization.access.token.validity | 43200 |
  | | authorization.refresh.token.validity | 2592000 |
  | Allowed Cross Origin Resources | allowedCorsOrigins | http://localhost:9091,http://localhost:9090,http://localhost:9092,http://localhost:9094,http://localhost:9099,http://localhost:9095,http://localhost:9102,http://localhost:9100,http://localhost:9093,http://localhost:9089,http://localhost:9104,http://localhost:8090,http://localhost:8093,http://localhost:8090 |
  | Relational Database Connection Properties | datasourceDriverClassName | org.postgresql.Driver |
  | | adminDsUrl | jdbc:postgresql://localhost:5432/admindbll?currentSchema=adminschemall |
  | | adminDsUsername | Adminuserll |
  | | adminDsPassword | ENC(O4UrXXgTEmyecFyHLo+Ivw==) |
  | | hibernateDialect | org.hibernate.dialect.PostgreSQLDialect |
  | | hibernateDsDefaults | False |
  | | adminHibernateShowSql | False |
  | | adminDsInitialSize | 10 |
  | | adminDsMaxWait | 30000 |
  | | adminDsMaxActive | 100 |
  | | adminDsMaxIdle | 100 |
  | | adminDsMinIdle | 10 |
  | | datasourceValidationQuery | SELECT 1 |
  | | adminDsTestOnBorrow | True |
  | | adminDsValidationInterval | 5000 |
  | | adminDsTestWhileIdle | true |
  | | adminDsTimeBetweenEvictionRunsMillis | 5000 |
  | | adminDsMinEvictableIdleTimeMillis | 5000 |
  | | adminDsNumTestsPerEvictionRun | 5 |
  | | adminDsDefaultAutoCommit | false |
  | | adminDsRollbackOnReturn | false |
  | | adminDsCommitOnReturn | false |
  | Host Header Filter Properties | hostHeaderSecurityFlag | false |
  | | trustedDomain | localhost |
  | Get total number of db connection in management/health API | getTotalDsConnection | false |

- Start the authorization service by running the start.sh script from the $OM_HOME/roles/authorization-service/standalone/bin directory.
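
The following check is an added example, not part of the TIBCO documentation or product. It reads application.properties content and reports security-relevant entries still at the defaults listed in the table, secrets not stored as ENC(...), and loopback or wildcard CORS origins. The function names, the sample content, and the choice of which defaults to treat as review items are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Defaults copied from the table above; which ones to flag is this example's choice.
SHIPPED_DEFAULTS = {
    "auth.superuser.appKey": "ENC(P2yXphz4OVM=)",
    "adminDsPassword": "ENC(O4UrXXgTEmyecFyHLo+Ivw==)",
    "hostHeaderSecurityFlag": "false",
    "trustedDomain": "localhost",
}
SECRET_KEYS = ("auth.superuser.appKey", "adminDsPassword")
# Constructed sample content, not taken from a real deployment.
SAMPLE = """\
auth.superuser.appKey=ENC(P2yXphz4OVM=)
adminDsPassword=S3cret-constructed
hostHeaderSecurityFlag=False
trustedDomain=om.example.internal
allowedCorsOrigins=https://om.example.internal,\\
    http://localhost:9091
"""

def parse_properties(text):
    """Parse key=value lines; skip comments, join backslash continuations."""
    props = {}
    joined = re.sub(r"\\\n\s*", "", text)  # fold continuation lines into one
    for line in map(str.strip, joined.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (key, reason) pairs for settings that need review before go-live."""
    props, findings = parse_properties(text), []
    for key, default in SHIPPED_DEFAULTS.items():
        value = props.get(key, "")
        # Exact match for ENC(...) values, case-insensitive for flags and hosts.
        if value == default or value.lower() == default:
            findings.append((key, "still at shipped default"))
    for key in SECRET_KEYS:
        value = props.get(key)
        if value is not None and not re.fullmatch(r"ENC\(.+\)", value):
            findings.append((key, "not stored as ENC(...)"))
    for origin in props.get("allowedCorsOrigins", "").split(","):
        origin = origin.strip()
        if origin == "*" or urlsplit(origin).hostname in ("localhost", "127.0.0.1"):
            findings.append(("allowedCorsOrigins", f"loopback or wildcard origin: {origin}"))
    return findings
```

Call `audit()` with the contents of the file before running start.sh; an empty list means none of the checked entries were flagged.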