Task 4: Configuring and Starting Authorization Service

    Procedure
  1. Before starting the Authorization service, configure the application properties from the following table in $OPE_HOME/roles/authorization-service/standalone/config/application.properties file. To update the properties, you can refer to the sample file present under $OPE_HOME/samples/authorization-services directory for Oracle and PostgreSQL as per your requirement. The default values are set for PostgreSQL.

    CategoryElement Default Value  
    General server.port 9091  
    amPluggableCacheRelational 
    default.tenant.idTIBCO 
    auth.superuser.appIdauth 
    auth.superuser.appKey

    ENC(P2yXphz4OVM=)

    Note: It is a good practice to change this default value and set your own key in an encrypted value. Refer 'Encrypt Password Utility' section in TIBCO® Offer and Price Engine Security Guidelines.
     
    allowedUserRolesROLE_ADMIN,ROLE_USER 
    Relational Database Connection PropertiesdatasourceDriverClassNameorg.postgresql.Driver  
    adminDsUrljdbc:postgresql://localhost:5432/admindbll?currentSchema=adminschemall  
    adminDsUsernameadminuserll  
    adminDsPasswordENC(O4UrXXgTEmyecFyHLo+Ivw==)  
    hibernateDialectorg.hibernate.dialect.PostgreSQLDialect  
    hibernateDsDefaultsfalse 

    adminHibernateShowSql

    false 
    adminDsInitialSize=10  

    adminDsMaxWait

    30000  

    adminDsMaxActive

    100  
    adminDsMaxIdle100 

    adminDsMinIdle

    10  

    datasourceValidationQuery

    SELECT 1 
    adminDsTestOnBorrowtrue  
    adminDsValidationInterval5000 
    Directory Service ConfigurationsdirectoryServiceDomainNametestad.com  
    directoryServiceRootDistinguishedNameDC=testad,DC=com  
    ldapURLForDirectoryServiceldap://localhost:389 
    Actuator Endpoints Propertiesmanagement.endpoints.web.exposure.includehealth,ready,loggers 
    Authentication Token Generation Configurationauthentication.token.signing.keyENC(nSa0k6lmjPPN8ZA5SO6BpQ==)  
    authorization.access.token.validity43200  
    authorization.refresh.token.validity2592000  
    authorized.client.idorder-management-client  
    authorized.client.secretENC(ggsmFvh5HBbeSD1j+l5Y0rP4qv0rJvEm) 
     allowedCorsOriginshttp://localhost:9091,http://localhost:9090,http://localhost:9092,http://localhost:9094,
    http://localhost:9099,http://localhost:9095,http://localhost:9102,http://localhost:9100,
    http://localhost:9093,http://localhost:9089,http://localhost:9104,http://localhost:8090,
    http://localhost:8093,http://localhost:8090
     

  2. Start the authorization service by running the start.sh script from the $OPE_HOME/roles/authorization-service/standalone/bin location.