Important Considerations for Using OAuth Features
Keep the following points in mind when using OAuth features:
If you are using IBM webMethods Enterprise Gateway to process requests from external clients, keep in mind that, by default, OAuth configuration settings in Integration Server Administrator (Security > OAuth) are only available on Integration Servers that do not act as an Enterprise Gateway Server. This is because an Enterprise Gateway port is usually used on an Integration Server outside the corporate firewall. The Internal Server that sits behind the firewall processes all OAuth requests. For more information about IBM webMethods Enterprise Gateway, see Configuring IBM webMethods Enterprise Gateway.
Some companies use Enterprise Gateway Server inside their firewall, where it is safe to set up a database and perform OAuth configuration. To allow access to OAuth configuration from Integration Server Administrator, even when an Enterprise Gateway port is enabled, set the server configuration parameter watt.server.oauth.alwaysAvailable to true. The watt.server.oauth.alwaysAvailable parameter should be set to true only when Integration Server is inside the corporate firewall. This is because OAuth requires a database, which should not be placed outside the firewall.
In order for Integration Server to log OAuth activity, the Security logger must be enabled and configured to log the following security areas: Authentication and Authorization. For detailed instructions on enabling the security logger and selecting security areas to audit, see the IBM webMethods Audit Logging Guide.
For OAuth authorization failures to appear in the error log, the watt.server.oauth.log.authErrors server configuration parameter must be set to true. By default, this parameter is set to false, meaning Integration Server does not write OAuth authorization errors to any log.
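The two server configuration parameters above can be checked together when reviewing a server's settings. The following is an added example, not IBM code: it assumes the settings have been exported as key=value text lines, that the reviewer knows whether the server sits inside the corporate firewall, and that watt.server.oauth.alwaysAvailable is false when absent. The function names and the sample input are hypothetical.

```python
# Added example: audit the two OAuth-related server parameters named above.
# Assumption: the settings are available as "key=value" text lines.

ALWAYS_AVAILABLE = "watt.server.oauth.alwaysAvailable"
LOG_AUTH_ERRORS = "watt.server.oauth.log.authErrors"


def parse_settings(text):
    """Parse key=value lines, skipping blanks, '#' comments and malformed lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def is_true(settings, key):
    """Absent means false (documented default for log.authErrors;
    assumed here for alwaysAvailable)."""
    return settings.get(key, "false").lower() == "true"


def audit_oauth_settings(text, inside_firewall):
    """Return a list of findings for one server's settings."""
    settings = parse_settings(text)
    findings = []
    if is_true(settings, ALWAYS_AVAILABLE) and not inside_firewall:
        findings.append(f"{ALWAYS_AVAILABLE}=true on a server outside the firewall: "
                        "OAuth requires a database, which should not be placed there")
    if not is_true(settings, LOG_AUTH_ERRORS):
        findings.append(f"{LOG_AUTH_ERRORS} is not true: OAuth authorization "
                        "failures will not appear in the error log")
    return findings


# Constructed sample settings for a gateway host outside the firewall.
SAMPLE_EXTERNAL = """
# constructed sample, not taken from a real server
watt.server.oauth.alwaysAvailable=true
"""

if __name__ == "__main__":
    for finding in audit_oauth_settings(SAMPLE_EXTERNAL, inside_firewall=False):
        print("FINDING:", finding)
```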