Updating the Connections Mobile server configuration
The Connections Mobile server configuration needs to be updated to work with OIDC.
About this task
Procedure
- Using a text editor, edit the mobile-config.xml file and locate the following section.
- Ensure that SecuritySettings enabled is set to True and that the <AuthType> element is set to OAuth, as shown:
    <!-- SECURITY SETTINGS SECTION -->
    <SecuritySettings enabled="true">
        <!-- Authentication mechanism for the server. One of TAM, SiteMinder, Form, Basic, SPNEGO, OAuth -->
        <AuthType>OAuth</AuthType>
- Find the OpenID Connect provider’s Authorize Endpoint URL, either through the discovery endpoint response or documentation. If using the discovery endpoint, use the value from the key authorization_endpoint. Insert this value into the <OAuthAuthorizationURL> element. For example:
    <OAuthAuthorizationURL>https://login.microsoftonline.com/b6c7fc02-7489-8729-a3c2-1af11e623345/oauth2/v2.0/authorize</OAuthAuthorizationURL>
- Find the OpenID Connect provider’s Token Endpoint URL, either through the discovery endpoint response or documentation. If using the discovery endpoint, use the value from the key token_endpoint. Insert this value into the <OAuthTokenURL> element. For example:
    <OAuthTokenURL>https://login.microsoftonline.com/b6c7fc02-7489-8729-a3c2-1af11e623345/oauth2/v2.0/token</OAuthTokenURL>
- Find the value of the OpenID Connect registered client identifier that was created when registering the client in the OpenID provider. Insert this value into the <OAuthClientId> element. For example:
    <OAuthClientId>b850bc0a-0893-4cd7-7e22-9738a43c585d</OAuthClientId>
- Determine which scopes your OpenID Connect provider requires. Typically, this would be openid and offline_access at a minimum, but you may need to request other scopes for access. Insert any required scopes as a string, with each scope separated by a space character, as the value of the <OAuthScopes> element. This parameter will be presented to the OpenID Connect provider as part of the Authorize request. For example, with Azure:
    <OAuthScopes>openid profile email api://b850bc0a-0893-4cd7-7e22-9738a43c585d/default offline_access</OAuthScopes>
- Save mobile-config.xml.
- Perform a full synchronization of the nodes and restart the mobile application using the WebSphere administration console.
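A pre-restart consistency check for the settings edited in the procedure above, as an added example that is not part of the original page or any HCL tooling. It assumes the provider's discovery response has been saved as JSON; the function name check_mobile_config, the <config> root element, the idp.example.com URLs and the client ID are constructed placeholders, and the default required scopes are the typical minimum the page names.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample inputs, not real tenant data. The <config> root is a placeholder.
DISCOVERY = json.loads("""{
  "authorization_endpoint": "https://idp.example.com/oauth2/v2.0/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/v2.0/token"
}""")
MOBILE_CONFIG = """<config>
  <SecuritySettings enabled="true">
    <AuthType>OAuth</AuthType>
    <OAuthAuthorizationURL>https://idp.example.com/oauth2/v2.0/authorize</OAuthAuthorizationURL>
    <OAuthTokenURL>https://idp.example.com/oauth2/v2.0/authorize</OAuthTokenURL>
    <OAuthClientId>00000000-0000-0000-0000-000000000000</OAuthClientId>
    <OAuthScopes>openid profile email</OAuthScopes>
  </SecuritySettings>
</config>"""


def check_mobile_config(xml_text, discovery, required_scopes=("openid", "offline_access")):
    """Return a list of findings; an empty list means the settings are consistent."""
    root = ET.fromstring(xml_text)
    # Index elements by local tag name so an XML namespace does not break lookups.
    elems = {e.tag.rsplit("}", 1)[-1]: e for e in root.iter()}
    def text(name):
        return (elems[name].text or "").strip() if name in elems else ""
    findings = []
    sec = elems.get("SecuritySettings")
    if sec is None or sec.get("enabled", "").lower() != "true":
        findings.append("SecuritySettings is not enabled")
    if text("AuthType") != "OAuth":
        findings.append("AuthType is not OAuth")
    # Each URL element must equal the matching discovery key and use TLS.
    for tag, key in (("OAuthAuthorizationURL", "authorization_endpoint"),
                     ("OAuthTokenURL", "token_endpoint")):
        if text(tag) != discovery.get(key):
            findings.append(f"{tag} does not match discovery key {key}")
        if not text(tag).startswith("https://"):
            findings.append(f"{tag} is not an https URL")
    if not text("OAuthClientId"):
        findings.append("OAuthClientId is empty")
    scopes = text("OAuthScopes").split()  # space-separated, as the page describes
    findings += [f"OAuthScopes is missing {s}" for s in required_scopes if s not in scopes]
    return findings


if __name__ == "__main__":
    for finding in check_mobile_config(MOBILE_CONFIG, DISCOVERY):
        print("FINDING:", finding)
```

The constructed sample deliberately repeats the authorize URL in <OAuthTokenURL> and omits offline_access, so the check reports both.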