EcoSys supports using either Basic or OAuth Authentication for REST. The default authentication
for REST is Basic. To configure EcoSys to use OAuth Authentication for REST:
- Configure an OAuth2 Token Provider for EcoSys REST OAuth. Refer to Configuring an OAuth2 token providers for EcoSys and EcoSys Connect.
  EcoSys REST OAuth supports two token providers:
  - Keycloak
  - Okta
- Configure the EcoSys server settings:
  - Log in to the EcoSys application.
  - Go to Admin -> System Utilities -> Edit Server Settings.
  - Set the following server settings:
    - server.api.rest.authentication.oauth2.enabled=true
      This enables OAuth authentication and disables Basic authentication for REST, except for the user with login name admin accessing APIs named DeactivateUserandResource, ReactivateUserandResource, UpdateUserandCreateResource, Users, or UsersAudit.
      To close this exemption, disable the API on the user with login name admin, use a different login name for the administrator user, or ensure there are no APIs with the above names.
      Additional exemptions can be made by setting the following server settings:
      - server.api.rest.authentication.oauth2.basicAuthUsernamesAllowed - a comma-separated list of additional user names that can use basic authentication even when OAuth2 is enabled (default is not set)
      - server.api.rest.authentication.oauth2.basicAuthApisAllowed - a comma-separated list of additional APIs that can be accessed using basic authentication even when OAuth2 is enabled (default is not set)
        This setting has no effect on SOAP API calls.
    - oauth.token.baseUrl - Set to the Base URL for the token provider.
  - Restart the application server.
Configure the EcoSys server settings to enable OAuth2 authentication for SOAP APIs:
- Go to Admin > System Utilities > Edit Server Settings.
- Enable the following server setting:
  server.api.soap.authentication.oauth2.enabled
- For new customers using OAuth, set the Base URL as follows:
  oauth.token.baseurl=<link>/realms/master
- Restart the application server.
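
An added example, not part of the EcoSys documentation or product: a Python audit of a key=value export of the REST and SOAP server settings described above, listing which Basic-authentication exemptions remain once OAuth2 is enabled. The export format, the sample user names, API name and host, and the value true for the SOAP flag are assumptions.

```python
# Added example (not vendor code): audit a key=value export of EcoSys server settings.
REST = "server.api.rest.authentication.oauth2."
SOAP_ENABLED = "server.api.soap.authentication.oauth2.enabled"
# Built-in exemption from the page: login name admin on these API names.
BUILTIN_APIS = ["DeactivateUserandResource", "ReactivateUserandResource",
                "UpdateUserandCreateResource", "Users", "UsersAudit"]

def parse_settings(text):
    """Parse key=value lines, ignoring blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def split_csv(value):
    """Split a comma-separated setting into a clean list (unset -> empty list)."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit(settings):
    """Summarise which Basic-auth paths remain once OAuth2 is configured."""
    lower = {k.lower(): v for k, v in settings.items()}  # page spells baseUrl and baseurl
    rest_on = settings.get(REST + "enabled", "").lower() == "true"
    return {
        "rest_oauth2": rest_on,
        # Assumption: the SOAP flag takes the value true, like the REST flag.
        "soap_oauth2": settings.get(SOAP_ENABLED, "").lower() == "true",
        # With REST OAuth2 on, admin keeps Basic access to these APIs unless closed in the app.
        "builtin_admin_apis": BUILTIN_APIS if rest_on else [],
        "extra_basic_users": split_csv(settings.get(REST + "basicAuthUsernamesAllowed")),
        "extra_basic_apis": split_csv(settings.get(REST + "basicAuthApisAllowed")),
        "token_base_url": lower.get("oauth.token.baseurl", ""),
    }

# Constructed sample export; user names, API name and host are made up.
SAMPLE = """
server.api.rest.authentication.oauth2.enabled=true
server.api.rest.authentication.oauth2.basicAuthUsernamesAllowed=svc_legacy, reporting
server.api.rest.authentication.oauth2.basicAuthApisAllowed=CostObjectsExport
oauth.token.baseurl=https://idp.example.test/realms/master
"""

if __name__ == "__main__":
    for name, value in audit(parse_settings(SAMPLE)).items():
        print(f"{name}: {value}")
```

Any non-empty `extra_basic_users` or `extra_basic_apis` entry is a path that still accepts Basic credentials and should have a documented reason to exist.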