Configure the keystore
- Last Updated: June 17, 2026
- 1 minute read
- OpenEdge
- Version 12.8
- Documentation
The selection of a client and authorization server determines the keystore type. Configure PAS for OpenEdge to use the encryption keys used to lock the JWT token.
- Identify the keystore type.
This example uses the most common keystore type, JSON Web Key (JWK). It represents a cryptographic key and requires a URL that points to a JWK set of public keys and/or Digital Certificates downloaded from the authorization server.
- Set the keystore type and any related properties.
- Edit the instance/webapps/web-app-name/WEB-INF/oeablSecurity.properties
file. In this example, the property
jwtToken.keystore.typeisjwk - Set the related properties. If the type is
jwk, then set thejwtToken.keystore.jwkurlto Uniform Resource Identifier (URI) for the authorization server's JWKjwtToken.keystore.type=jwk jwtToken.keystore.jwkurl=URI for the authorization server's JWKNote: Choosing a differenttyperequires different property changes.If you are using OESECTOOL as the test authorization server, set the URL to the OESECTOOL JWK endpoint:
jwtToken.keystore.jwkurl=https://hostname:9999/keysReplace
hostnamewith thehostnameyou set in oesectool-oauth2.properties.
- Edit the instance/webapps/web-app-name/WEB-INF/oeablSecurity.properties
file. In this example, the property
- Save the file.
For more information about JWT keystores, see Configure an OAuth2 keystore .
For more information about managing keys and certificates, see Manage OpenEdge Keys and Certificates .