Updating the Connections Mobile server configuration

The Connections Mobile server configuration needs to be updated to work with OIDC.

About this task

As the Connections administrator, locate the mobile-config.xml file on the WebSphere deployment manager node and update the server configuration by following the steps below.

Procedure

  1. Using a text editor, edit the mobile-config.xml file and locate the following section.
  2. Ensure that the enabled attribute of <SecuritySettings> is set to true and that the <AuthType> element is set to OAuth, as shown:
    <!-- SECURITY SETTINGS SECTION -->
    <SecuritySettings enabled="true">
    <!-- Authentication mechanism for the server. One of TAM, SiteMinder, Form, Basic, SPNEGO, OAuth -->
    <AuthType>OAuth</AuthType>
    
  3. Find the OpenID Connect provider’s Authorize Endpoint URL, either through the discovery endpoint response or documentation. If using the discovery endpoint, use the value from the key authorization_endpoint. Insert this value into the <OAuthAuthorizationURL> element.
    For example:
    <OAuthAuthorizationURL>https://login.microsoftonline.com/b6c7fc02-7489-8729-a3c2-1af11e623345/oauth2/v2.0/authorize</OAuthAuthorizationURL>
  4. Find the OpenID Connect provider’s Token Endpoint URL, either through the discovery endpoint response or documentation. If using the discovery endpoint, use the value from the key token_endpoint. Insert this value into the <OAuthTokenURL> element.
    For example:
    <OAuthTokenURL>https://login.microsoftonline.com/b6c7fc02-7489-8729-a3c2-1af11e623345/oauth2/v2.0/token</OAuthTokenURL>
  5. Find the value of the OpenID Connect registered client identifier that was created when registering the client in the OpenID provider. Insert this value into the <OAuthClientId> element.
    For example:
    <OAuthClientId>b850bc0a-0893-4cd7-7e22-9738a43c585d</OAuthClientId>
  6. Determine which scopes your OpenID Connect provider requires. Typically, this would be openid and offline_access at a minimum, but you may need to request other scopes for access. Insert any required scopes as a string with each scope separated by a space character, as the value of the <OAuthScopes> element. This parameter will be presented to the OpenID Connect provider as part of the Authorize request.
    For example with Azure:
    <OAuthScopes>openid profile email api://b850bc0a-0893-4cd7-7e22-9738a43c585d/default offline_access</OAuthScopes>
  7. Save mobile-config.xml.
  8. Perform a full synchronization of the nodes and restart the mobile application using the WebSphere administration console.
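
Before synchronizing the nodes, the values entered in steps 2 through 6 can be checked against the provider's discovery response. The following Python check is an added example, not part of the original procedure or of the product. The function name check_mobile_config, the sample fragment and the sample discovery document are constructed for illustration, and it assumes the OAuth elements are direct, un-namespaced children of <SecuritySettings>.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample: placeholder values, with the authorize URL pasted into the token element.
SAMPLE_CONFIG = """<SecuritySettings enabled="true">
  <AuthType>OAuth</AuthType>
  <OAuthAuthorizationURL>https://idp.example.com/oauth2/v2.0/authorize</OAuthAuthorizationURL>
  <OAuthTokenURL>https://idp.example.com/oauth2/v2.0/authorize</OAuthTokenURL>
  <OAuthClientId>00000000-0000-0000-0000-000000000000</OAuthClientId>
  <OAuthScopes>openid profile email</OAuthScopes>
</SecuritySettings>"""

# Constructed sample: the two discovery keys the procedure reads.
SAMPLE_DISCOVERY = ('{"authorization_endpoint": "https://idp.example.com/oauth2/v2.0/authorize",'
                    ' "token_endpoint": "https://idp.example.com/oauth2/v2.0/token"}')


def check_mobile_config(config_xml, discovery_json):
    """Return a list of findings; an empty list means the settings are consistent."""
    meta = json.loads(discovery_json)
    # Assumption: the OAuth elements are un-namespaced children of SecuritySettings.
    sec = next(ET.fromstring(config_xml).iter("SecuritySettings"), None)
    if sec is None:
        return ["SecuritySettings element not found"]
    val = {e.tag: (e.text or "").strip() for e in sec}
    findings = []
    if sec.get("enabled", "").lower() != "true":
        findings.append("SecuritySettings enabled is not true")
    if val.get("AuthType") != "OAuth":
        findings.append("AuthType is not OAuth")
    for elem, key in (("OAuthAuthorizationURL", "authorization_endpoint"),
                      ("OAuthTokenURL", "token_endpoint")):
        url = val.get(elem, "")
        if not url.startswith("https://"):
            findings.append(f"{elem} is missing or not https")
        elif url != meta.get(key):
            findings.append(f"{elem} does not match discovery key {key}")
    if not val.get("OAuthClientId"):
        findings.append("OAuthClientId is empty")
    scopes = val.get("OAuthScopes", "").split()
    for required in ("openid", "offline_access"):  # the minimum the procedure names
        if required not in scopes:
            findings.append(f"OAuthScopes lacks {required}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_mobile_config(SAMPLE_CONFIG, SAMPLE_DISCOVERY)))
```

With the constructed sample it reports the mismatched token URL and the missing offline_access scope; pass the contents of the real mobile-config.xml and the provider's discovery JSON to check a deployment.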