You can configure a Liberty server that acts as an OpenID Connect Provider to accept a JSON Web Token in exchange for an access token.
About this task
You can configure a Liberty server that acts as an OpenID Connect Provider to accept JSON Web Tokens by enabling the openidConnectServer-1.0 and transportSecurity-1.0 features in Liberty, in addition to other optional configuration information.
Procedure
- Ensure the transportSecurity-1.0 and openidConnectServer-1.0 features are included in the feature manifest in the server.xml file.
  <featureManager>
      <feature>transportSecurity-1.0</feature>
      <feature>openidConnectServer-1.0</feature>
  </featureManager>
- Optional: Configure a jwtGrantType element inside of the appropriate oauthProvider element. The jwtGrantType element is optional. If no jwtGrantType element is included, the default values for all attributes are used; for example:
  <oauthProvider id="OAuthConfigSample" ...>
      <jwtGrantType clockSkew="5m" iatRequired="false" tokenMaxLifetime="120m" maxJtiCacheSize="10000"/>
      ...
  </oauthProvider>
For more JWT configuration options, see the section for the jwtGrantType element in the OpenID Connect Provider topic.
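The following Python example is added here and is not IBM's or Liberty's code. It models the RFC 7523 section 3 claim checks that the attributes in the sample jwtGrantType element would parameterize. The mapping of each attribute to a check is an assumption, because this page does not define the attributes, and the names JtiCache and check_claims are hypothetical.

```python
# Added illustration, not Liberty source code. Attribute names and values
# come from the sample jwtGrantType element; what each one controls is an
# assumption modelled on RFC 7523 section 3.
from collections import OrderedDict

CLOCK_SKEW = 5 * 60            # clockSkew="5m"
IAT_REQUIRED = False           # iatRequired="false"
TOKEN_MAX_LIFETIME = 120 * 60  # tokenMaxLifetime="120m"
MAX_JTI_CACHE_SIZE = 10000     # maxJtiCacheSize="10000"


class JtiCache:
    """Bounded record of (issuer, jti) pairs already seen, oldest evicted first."""

    def __init__(self, max_size=MAX_JTI_CACHE_SIZE):
        self.max_size = max_size
        self._seen = OrderedDict()

    def seen_before(self, issuer, jti):
        key = (issuer, jti)
        if key in self._seen:
            return True
        self._seen[key] = True
        if len(self._seen) > self.max_size:
            self._seen.popitem(last=False)  # an evicted jti is no longer detected
        return False


def check_claims(claims, now, cache):
    """Return 'ok' or the reason the assertion is rejected (times in epoch seconds)."""
    exp, iat, nbf, jti = (claims.get(k) for k in ("exp", "iat", "nbf", "jti"))
    if exp is None:
        return "exp missing"
    if now > exp + CLOCK_SKEW:
        return "expired"
    if nbf is not None and now + CLOCK_SKEW < nbf:
        return "not yet valid"
    if iat is None:
        if IAT_REQUIRED:
            return "iat missing"
    elif iat > now + CLOCK_SKEW:
        return "issued in the future"
    elif now - iat > TOKEN_MAX_LIFETIME + CLOCK_SKEW:
        return "issued too long ago"
    if jti is not None and cache.seen_before(claims.get("iss"), jti):
        return "jti replayed"
    return "ok"
```

In this model, an assertion that omits iat skips the age check when iatRequired is false, and a jti evicted from a full cache is accepted again while its exp is still in the future, so the cache size should cover the number of assertions expected within one token lifetime.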