Configure each PAS for OpenEdge instance to use OAuth2 and to identify the OpenEdge Authentication Gateway by server and port number, so that the token can be authenticated and exchanged for a client-principal. After configuration, PAS for OpenEdge instances pass the token directly to the OpenEdge Authentication Gateway for validation.

Set instance properties

To enable a PAS for OpenEdge instance to use OAuth2 with the OpenEdge Authentication Gateway server:
  1. Edit instance/webapp/webapp-name/WEB-INF/oeablSecurity.properties:
    Note: This example secures the instance at the web application level. Replace instance with the name of the PAS for OpenEdge instance and webapp-name with the name of the web application.

    For more information on securing instances, see About oeablSecurity.properties.

    1. Enable the use of OAuth2 by setting client.login.model to oauth2:
      client.login.model=oauth2
    2. Set sts.JwtTokenExchange.stsURL to the hostname and port of the OpenEdge Authentication Gateway server, which validates the token and exchanges it for a client-principal:
      sts.JwtTokenExchange.stsURL=https://hostname:port
      Note: Replace the hostname and port with the hostname and port of the OpenEdge Authentication Gateway.
    3. For test systems without fully implemented host verification, set sts.JwtTokenExchange.noHostVerify to true:
      sts.JwtTokenExchange.noHostVerify=true
      Note: Production systems should fully implement host verification and always have noHostVerify=false.
  2. Save the file.
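
As an added example (not Progress code), the following Python check reads the contents of an oeablSecurity.properties file and reports problems with the three properties set in the steps above, including a test-only noHostVerify=true that was carried into production. The `production` flag, the sample file contents, the gateway.example.test host and the requirement that stsURL use https are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Property names are the ones set in the steps above.
MODEL = "client.login.model"
STS_URL = "sts.JwtTokenExchange.stsURL"
NO_VERIFY = "sts.JwtTokenExchange.noHostVerify"
_LINE = re.compile(r"^\s*([^=:\s]+)\s*[=:]?\s*(.*?)\s*$")

def parse_properties(text):
    """Minimal .properties reader: skips comments; a later duplicate key wins."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip()[0] in "#!":
            continue
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props

def audit(text, production=True):
    """Return findings for the OAuth2 / Authentication Gateway settings."""
    props = parse_properties(text)
    findings = []
    if props.get(MODEL) != "oauth2":
        findings.append(f"{MODEL} is not set to oauth2")
    try:
        url = urlsplit(props.get(STS_URL, ""))
        _ = url.port  # raises ValueError if the 'port' placeholder was left in
        # Requiring https is this check's assumption, taken from the page's example URL.
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{STS_URL} must be an https URL with a hostname")
    except ValueError:
        findings.append(f"{STS_URL} is malformed or still a placeholder")
    if production and props.get(NO_VERIFY, "").lower() == "true":
        findings.append(f"{NO_VERIFY}=true disables host verification")
    return findings

# Constructed sample: a test-system file that was promoted unchanged.
SAMPLE = """\
# oeablSecurity.properties (constructed excerpt)
client.login.model=oauth2
sts.JwtTokenExchange.stsURL=https://gateway.example.test:8443
sts.JwtTokenExchange.noHostVerify=true
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run it with `production=False` against test instances, where noHostVerify=true is expected.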

For more information about client.login.model, see Enable ABL application authentication.

For more information on configuring security properties for PAS for OpenEdge, see the oeablSecurity.properties.README file.