Configuring the IBM Connections OAuth provider

About this task

To configure the IBM Connections OAuth provider, perform the following tasks:
  • Configuring Public OAuth 2.0 Client Use
  • Configuring Auto-Authorize Apps
  • Recreating the OAuth Provider Configuration

Configuring Public OAuth 2.0 Client Use

If the IBM Connections Mobile app is already in use in the environment, public OAuth 2.0 apps are already allowed. The following configuration change is required only if the use of public OAuth 2.0 apps is not already enabled.

For additional information, refer to Step 5 in Registering the mobile client.

Edit the connectionsProvider.xml file, which can be found in the oauth20 directory beneath the IBM WebSphere® Application Server (WAS) cell configuration. For example, at /opt/IBM/WebSphere/AppServer/profiles/profileName/config/cells/cellName/oauth20/connectionsProvider.xml.

Locate the parameter named oauth20.allow.public.clients and change the value from false to true.

<parameter name="oauth20.allow.public.clients" type="cc" customizable="true">
 <value>true</value>
</parameter>

Configuring Auto-Authorize Apps

To allow a more seamless user experience while using the Slack Files integration, IBM Connections supports automatic authorization of trusted OAuth clients. Users will not be prompted to authorize a trusted OAuth client app the first time that it tries to access their Connections data.

For additional information, refer to Step 2 in Registering an OAuth client with a provider.

Edit the connectionsProvider.xml file, which can be found in the oauth20 directory beneath the IBM WebSphere® Application Server (WAS) cell configuration. For example, at /opt/IBM/WebSphere/AppServer/profiles/profileName/config/cells/cellName/oauth20/connectionsProvider.xml.

Locate the parameter named oauth20.autoauthorize.clients and add the app id of the Slack app, cnx_slack_files_integration, to the values list.

<parameter name="oauth20.autoauthorize.clients" type="cc" customizable="true">
 <value>cnx_slack_files_integration</value>
</parameter>
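
The two edits above can be applied and then checked before the provider is recreated. This is an added example, not IBM-supplied code: it sets oauth20.allow.public.clients to true, adds cnx_slack_files_integration to oauth20.autoauthorize.clients once, and reports any auto-authorized client ID that is not on an approved list, since those clients skip the user consent prompt. The root element name, the existing client ID, the function names, and the layout of one value element per list entry are assumptions.

```python
import xml.etree.ElementTree as ET

PUBLIC = "oauth20.allow.public.clients"
AUTO = "oauth20.autoauthorize.clients"

# Constructed sample. Only the <parameter>/<value> shape comes from the page;
# the root element name and "example_existing_client" are assumptions.
SAMPLE = """<OAuthServiceConfiguration>
  <parameter name="oauth20.allow.public.clients" type="cc" customizable="true">
    <value>false</value>
  </parameter>
  <parameter name="oauth20.autoauthorize.clients" type="cc" customizable="true">
    <value>example_existing_client</value>
  </parameter>
</OAuthServiceConfiguration>"""


def _values(param):
    """Texts of a parameter's <value> children, whitespace-trimmed."""
    return [(v.text or "").strip() for v in param.findall("value")]


def apply_page_changes(xml_text, client_id="cnx_slack_files_integration"):
    """Apply both edits from the page; running it twice changes nothing more."""
    root = ET.fromstring(xml_text)
    for param in root.iter("parameter"):
        if param.get("name") == PUBLIC:
            # Create the <value> element if the parameter has none yet.
            for v in param.findall("value") or [ET.SubElement(param, "value")]:
                v.text = "true"
        elif param.get("name") == AUTO and client_id not in _values(param):
            ET.SubElement(param, "value").text = client_id
    return ET.tostring(root, encoding="unicode")


def audit(xml_text, approved):
    """Report whether public clients are allowed and which auto-authorized
    client IDs are missing from the approved set."""
    found = {p.get("name"): _values(p) for p in ET.fromstring(xml_text).iter("parameter")}
    auto = [c for c in found.get(AUTO, []) if c]
    return {
        "public_clients": found.get(PUBLIC) == ["true"],
        "auto_authorized": auto,
        "unapproved": sorted(set(auto) - set(approved)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE, approved={"cnx_slack_files_integration"}))
    print(audit(apply_page_changes(SAMPLE), approved={"cnx_slack_files_integration"}))
```

ElementTree drops XML comments and the XML declaration when it re-serializes, so compare the output with a backup of connectionsProvider.xml before replacing the file.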

Recreating the OAuth Provider Configuration

If either the public OAuth client change or the auto-authorize OAuth client change was made, per the previous instructions, it is necessary to recreate the OAuth provider definition based on the new configuration and restart the nodes.

For additional information, refer to Step 6 in Registering the mobile client.

./wsadmin.sh -lang jython -conntype SOAP -c "print AdminTask.createOAuthProvider('-providerName connectionsProvider -fileName /opt/IBM/WebSphere/AppServer/profiles/profileName/config/cells/cellName/oauth20/connectionsProvider.xml')" -user <wasadmin> -password <pwd>

If the Connections service is not running in Network Deployment cells, restart the appropriate WAS node where the configuration was changed.

If Connections is running in Network Deployment cells, the configuration must be synchronized across the cluster nodes before they are restarted.