Important Considerations for Using OAuth Features

If you are using IBM webMethods Enterprise Gateway to process requests from external clients, keep in mind that, by default, OAuth configuration settings in Integration Server Administrator (Security > OAuth) are only available on Integration Servers that do not act as an Enterprise Gateway Server. This is because an Enterprise Gateway port is usually used on an Integration Server outside the corporate firewall. The Internal Server that sits behind the firewall processes all OAuth requests. For more information about IBM webMethods Enterprise Gateway, see Configuring IBM webMethods Enterprise Gateway .

Some companies use Enterprise Gateway Server inside their firewall, where it is safe to set up a database and perform OAuth configuration. To allow access to OAuth configuration from Integration Server Administrator, even when an Enterprise Gateway port is enabled, set the sever configuration parameter watt.server.oauth.alwaysAvailable to true. The watt.server.oauth.alwaysAvailable parameter should be set to true only when Integration Server is inside the corporate firewall. This is because OAuth requires a database, which should not be placed outside the firewall.

In order for Integration Server to log OAuth activity, the Security logger must be enabled and configured to log the following security areas: Authentication and Authorization. For detailed instructions on enabling the security logger and selecting security areas to audit, see the IBM webMethods Audit Logging Guide.

For OAuth authorization failures to appear in the error log, the watt.server.oauth.log.authErrors server configuration parameter must be set to true. By default, this parameter is set to false, meaning Integration Server does not write OAuth authorization errors to any log.