Task 4: Configuring and Starting the Authorization Service

    Procedure
  1. Before starting the Authorization service, configure the application properties from the following table in the $OM_HOME/roles/authorization-service/standalone/config/application.properties file. For reference when updating the properties, sample files for Oracle and PostgreSQL are provided under the $OM_HOME/samples/authorization-services directory; use the one that matches your database. The default values are set for PostgreSQL.

    If identityProviderType is EXTERNAL (OIDC), also update the following properties in the $OM_HOME/seed-data/app-properties/ConfigValues_Common.json file so that the tenant, username, and user roles are mapped from the token claims issued by your organization's identity provider.

    {
       "propName": "tenantIdMapping",
       "propDescription": "key in the token claims that refers to tenantId",
       "propValue": "TENANTID",
       "valueType": "string",
       "isTenantProperty": "false"
    },
    {
       "propName": "userNameMapping",
       "propDescription": "key in the token claims that refers to userName",
       "propValue": "user_name",
       "valueType": "string",
       "isTenantProperty": "false"
    },
    {
       "propName": "userRoleMapping",
       "propDescription": "key in the token claims that refers to userRole",
       "propValue": "authorities",
       "valueType": "string",
       "isTenantProperty": "false"
    }

    Category / Element                                 Default Value

    General
      server.port                                      9091
      default.tenant.id                                TIBCO
      auth.superuser.appId                             auth
      auth.superuser.appKey                            ENC(P2yXphz4OVM=)
        Note: It is a good practice to change this default value and set your own key as an encrypted value. Refer to the 'Encrypt Password Utility' section in the TIBCO® Order Management Administration guide.
      allowedUserRoles                                 ROLE_ADMIN, ROLE_USER
        Note: In the case of EXTERNAL identityProviderType (OIDC), add the user roles specific to your organization to this property value.

    Actuator Endpoints Properties
      management.endpoints.web.exposure.include        Health, ready, loggers

    Authentication Token Generation Configuration
      authorization.access.token.validity              43200
      authorization.refresh.token.validity             2592000

    Allowed Cross Origin Resources
      allowedCorsOrigins                               http://localhost:9091,http://localhost:9090,http://localhost:9092,
                                                       http://localhost:9094,http://localhost:9099,http://localhost:9095,
                                                       http://localhost:9102,http://localhost:9100,http://localhost:9093,
                                                       http://localhost:9089,http://localhost:9104,http://localhost:8090,
                                                       http://localhost:8093,http://localhost:8090

    Relational Database Connection Properties
      datasourceDriverClassName                        org.postgresql.Driver
      adminDsUrl                                       jdbc:postgresql://localhost:5432/admindbll?currentSchema=adminschemall
      adminDsUsername                                  Adminuserll
      adminDsPassword                                  ENC(O4UrXXgTEmyecFyHLo+Ivw==)
      hibernateDialect                                 org.hibernate.dialect.PostgreSQLDialect
      hibernateDsDefaults                              False
      adminHibernateShowSql                            False
      adminDsInitialSize                               10
      adminDsMaxWait                                   30000
      adminDsMaxActive                                 100
      adminDsMaxIdle                                   100
      adminDsMinIdle                                   10
      datasourceValidationQuery                        SELECT 1
      adminDsTestOnBorrow                              True
      adminDsValidationInterval                        5000
      adminDsTestWhileIdle                             true
      adminDsTimeBetweenEvictionRunsMillis             5000
      adminDsMinEvictableIdleTimeMillis                5000
      adminDsNumTestsPerEvictionRun                    5
      adminDsDefaultAutoCommit                         false
      adminDsRollbackOnReturn                          false
      adminDsCommitOnReturn                            false

    Host Header Filter Properties
      hostHeaderSecurityFlag                           false
      trustedDomain                                    localhost

    Get total number of DB connections in the management/health API
      getTotalDsConnection                             false

  2. Start the authorization service by running the start.sh script from the $OM_HOME/roles/authorization-service/standalone/bin directory.
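    Before running start.sh, it is worth confirming that the shipped defaults called out in the table in step 1 (the superuser key, the sample database password, the disabled Host header filter and the localhost CORS origins) did not survive into the real application.properties. The following preflight check is an added example and not part of TIBCO Order Management; it uses the property names and default values from the table above, while the constructed sample content and the file path are assumptions.

```python
# Added example, not TIBCO code; property names and shipped defaults are from the table above.
import re
import sys

DEFAULT_SUPERUSER_KEY = "ENC(P2yXphz4OVM=)"                  # shipped auth.superuser.appKey
DEFAULT_ADMIN_DS_PASSWORD = "ENC(O4UrXXgTEmyecFyHLo+Ivw==)"  # shipped adminDsPassword

SAMPLE = """\
# constructed sample: the shipped defaults from the table above, left unchanged
auth.superuser.appKey=ENC(P2yXphz4OVM=)
adminDsPassword=ENC(O4UrXXgTEmyecFyHLo+Ivw==)
hostHeaderSecurityFlag=false
trustedDomain=localhost
allowedCorsOrigins=http://localhost:9091,http://localhost:8090
"""


def parse_properties(text):
    """Minimal Java .properties reader: 'key=value' or 'key: value', '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if line and line[0] not in "#!" and m:
            props[m.group(1)] = m.group(2).strip()
    return props


def check_properties(props):
    """Return (severity, message) findings for leftover or weak settings; [] means clean."""
    findings = []
    if props.get("auth.superuser.appKey") == DEFAULT_SUPERUSER_KEY:
        findings.append(("HIGH", "auth.superuser.appKey is still the shipped default key"))
    pw = props.get("adminDsPassword", "")
    if pw == DEFAULT_ADMIN_DS_PASSWORD:
        findings.append(("HIGH", "adminDsPassword is still the sample value"))
    elif pw and not re.fullmatch(r"ENC\(.+\)", pw):
        findings.append(("MEDIUM", "adminDsPassword is clear text; use the Encrypt Password Utility"))
    if props.get("hostHeaderSecurityFlag", "false").lower() != "true":
        findings.append(("MEDIUM", "hostHeaderSecurityFlag is false; Host header filtering is off"))
    elif props.get("trustedDomain") == "localhost":
        findings.append(("MEDIUM", "trustedDomain is localhost; set it to the real service host name"))
    origins = [o.strip() for o in props.get("allowedCorsOrigins", "").split(",") if o.strip()]
    if any("localhost" in o for o in origins):
        findings.append(("LOW", "allowedCorsOrigins still lists localhost origins"))
    return findings


if __name__ == "__main__":
    # Audit the file named as the first argument (assumed path), else the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for severity, message in check_properties(parse_properties(text)):
        print(f"[{severity}] {message}")
```

    Run it against $OM_HOME/roles/authorization-service/standalone/config/application.properties and treat any HIGH finding as a blocker before starting the service.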