The selection of a client and authorization server determines the keystore type. Configure PAS for OpenEdge to use the encryption keys used to lock the JWT token.

  1. Identify the keystore type.

    This example uses the most common keystore type, JSON Web Key (JWK). It represents a cryptographic key and requires a URL that points to a JWK set of public keys and/or Digital Certificates downloaded from the authorization server.

  2. Set the keystore type and any related properties.
    1. Edit the instance/webapps/web-app-name/WEB-INF/oeablSecurity.properties file. In this example, the property jwtToken.keystore.type is jwk
    2. Set the related properties. If the type is jwk, then set the jwtToken.keystore.jwkurl to Uniform Resource Identifier (URI) for the authorization server's JWK
      jwtToken.keystore.type=jwk													
      											jwtToken.keystore.jwkurl=URI for the authorization server's JWK
      Note: Choosing a different type requires different property changes.

      If you are using OESECTOOL as the test authorization server, set the URL to the OESECTOOL JWK endpoint:

      jwtToken.keystore.jwkurl=https://hostname:9999/keys

      Replace hostname with the hostname you set in oesectool-oauth2.properties.

  3. Save the file.

For more information about JWT keystores, see Configure an OAuth2 keystore .

For more information about managing keys and certificates, see Manage OpenEdge Keys and Certificates .