Configuring OAuth Connection
Configure clients for each Service Provider (SP) that connects to the Resource Provider (RP). For details, see Create OAuth Clients for PTC Products. For ACD, you must create a separate SP connection for each PTC Arbortext Content Delivery application, such as the Configurator, Task Manager, and PTC Arbortext Content Delivery. You must also create an RP connection with PTC Arbortext Content Delivery as your RP.
Creating OAuth Client Connection with PTC Arbortext Content Delivery as SP
The OAuth client is a connection point for PingFederate to provide access tokens to PTC Arbortext Content Delivery applications. Applications use these access tokens to request OAuth-protected resources from resource providers. To create the OAuth client for PTC Arbortext Content Delivery, perform the following steps:
1. Navigate to the OAuth Settings page, and in the Clients section, click Create New.
2. In the Client ID field, enter the value that the Configurator generated for you. This value is referenced in the resourceServer.xml file and the secureContext.properties file in the application war file.
3. Select Client Secret and enter a client secret value. Use the default password that you provided while configuring it in the Configurator. This value is referenced in the resourceServer.xml file and the secureContext.properties file in the application war file.
4. In the Name field, enter a value. This value is displayed in the PingFederate clients list.
5. In the Description field, enter an appropriate description.
6. In the Redirect URIS section, enter your PTC Arbortext Content Delivery server redirect URI. For example: http(s)://<myserver>:<myport>/<Application>/oauth2_authorization_code_redirect
Here, <myserver> is your PTC Arbortext Content Delivery server and <Application> is the application that you are configuring.
* If your application is behind a load balancer (LB), make sure you specify the LB-specific server name and port in <myserver> and <myport>.
7. In the Allow Grant Types section, select Refresh Token and Authorization Code.
* For the PTC Arbortext Content Delivery application (which acts as the RP), select Access Token Validation.
8. In the Persistent Grants Expiration section, select Grants Do Not Expire.
9. In the Refresh Token Rolling Policy section, select Roll.
Configuring Client on SP
The Client configuration can be managed through two configuration files:
securityContext.properties:
com.ptc.eauth.identity.oauth2.OAuth2AccessTokenHandlerImpl.getAccessTokenParams.client_id=***
com.ptc.eauth.identity.oauth2.OAuth2AccessTokenHandlerImpl.getAccessTokenParams.client_secret=***
resourceServers.xml:
<constructor-arg name="clientId" value="***"/>
<constructor-arg name="clientSecret" value="***"/>
You can use the default values created while configuring through Configuration. Any update to these values requires a manual change in both files. See the Advanced configuration section for retaining these properties in the future.
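Because updates to the client ID and secret are manual and live in two files, the two copies can drift apart. The following check is an added example, not PTC code: it compares the property keys and constructor-arg names shown above and reports differences without echoing the secret. The function names, the sample values, and the <beans>/<bean> wrapper around the constructor-arg elements are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Property key prefix and field names as shown on this page.
PREFIX = "com.ptc.eauth.identity.oauth2.OAuth2AccessTokenHandlerImpl.getAccessTokenParams."
FIELDS = {"client_id": "clientId", "client_secret": "clientSecret"}

def read_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def read_constructor_args(xml_text):
    """Collect name -> value for every constructor-arg element, at any depth."""
    args = {}
    for el in ET.fromstring(xml_text).iter():
        # Strip an XML namespace prefix, if the file declares one.
        if el.tag.rsplit("}", 1)[-1] == "constructor-arg" and "name" in el.attrib:
            args[el.attrib["name"]] = el.attrib.get("value", "")
    return args

def check_client_config(props_text, xml_text):
    """Return findings; an empty list means both files agree. Values are never echoed."""
    props, args = read_properties(props_text), read_constructor_args(xml_text)
    findings = []
    for suffix, arg_name in FIELDS.items():
        p, x = props.get(PREFIX + suffix), args.get(arg_name)
        if not p:
            findings.append(f"{suffix}: missing or empty in properties file")
        if not x:
            findings.append(f"{arg_name}: missing or empty in XML file")
        if p and x and p != x:
            findings.append(f"{suffix}/{arg_name}: values differ between files")
    return findings

# Constructed sample input (not real credentials); the XML wrapper elements are assumed.
SAMPLE_PROPS = PREFIX + "client_id=acd-sp-client\n" + PREFIX + "client_secret=example-secret-1\n"
SAMPLE_XML = """<beans><bean>
  <constructor-arg name="clientId" value="acd-sp-client"/>
  <constructor-arg name="clientSecret" value="example-secret-2"/>
</bean></beans>"""

if __name__ == "__main__":
    print(check_client_config(SAMPLE_PROPS, SAMPLE_XML))
```

To use it on a deployment, read the two files from the application war file and pass their contents to check_client_config; the values must also match what was entered for the client in PingFederate.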
Configuring Scopes
For details about using scopes in delegated authorization, see Managing Scopes in Delegated Authorization.
Create a new scope with SCOPE NAME = InSRestAPI. For this, see Register Scopes in the Central Auth Server.