Configuring SSL/TLS Client Truststore and HTTPS Proxy for OAuth Client FEP

The DirX Access OAuth Client FEP component communicates with OAuth servers by sending HTTP messages over an SSL/TLS-secured channel, acting as the HTTP client. To enable this HTTPS communication, perform the following configuration steps in the Services container instance in which the OAuth Client FEP runs:

  • Create and configure an SSL/TLS client truststore containing the certificates of trusted OAuth servers and trusted CA certificates.

  • When a direct HTTPS connection between the Services container and the OAuth server is not possible, configure an HTTPS proxy through which the OAuth Client FEP communicates with the OAuth server.

HTTPS Proxy Configuration

The HTTPS proxy is defined globally for the Services container instance by specifying the following properties in the Services container instance configuration file etc/wrapper.conf:

# Enable HTTPS proxy
wrapper.java.additional.x=-Dhttps.proxyHost=HOST
wrapper.java.additional.x+1=-Dhttps.proxyPort=PORT
wrapper.java.additional.x+2=-Dhttp.nonProxyHosts=HOSTS_LIST
wrapper.java.additional.x+3=-Dhttps.proxyDomain=USER_DOMAIN
wrapper.java.additional.x+4=-Dhttps.proxyUserName=USER_NAME
wrapper.java.additional.x+5=-Dhttps.proxyUserPassphrase=USER_PASSPHRASE

where:

  • The index numbers x through x+5 must be replaced with numbers that are unique among the wrapper.java.additional.* properties.

  • HOST is the hostname or IP address of the proxy.

  • PORT is the TCP port of the proxy.

  • HOSTS_LIST is a comma-separated list of hostname wildcards for which a direct connection is used instead of the proxy. For example, "*.intranet.my-company.example".

  • USER_DOMAIN is the domain part of the user name used for client authentication against the proxy.

  • USER_NAME is the local part of the user name used for client authentication against the proxy.

  • USER_PASSPHRASE is the passphrase of that user, used for client authentication against the proxy.
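As an added check (example code, not part of DirX Access or the Java Service Wrapper), the script below parses the wrapper.java.additional.* lines described above and reports reused index numbers and inconsistent proxy settings. It assumes that, as in an ordinary properties file, a later definition of the same index replaces the earlier one; the sample wrapper.conf content and its host names are constructed.

```python
import re

# Matches the lines described above: wrapper.java.additional.N=-Dname=value
ADDITIONAL_RE = re.compile(r"^wrapper\.java\.additional\.(\d+)=-D([^=]+)=(.*)$")
PROXY_AUTH = ("https.proxyUserName", "https.proxyUserPassphrase")


def parse_wrapper_conf(text: str) -> tuple[dict[str, str], list[int]]:
    """Return (-D properties by name, indices defined more than once)."""
    by_index: dict[int, tuple[str, str]] = {}
    duplicates: list[int] = []
    for raw in text.splitlines():
        m = ADDITIONAL_RE.match(raw.strip())
        if not m:
            continue  # comment, blank line or unrelated wrapper property
        idx, name, value = int(m.group(1)), m.group(2), m.group(3)
        if idx in by_index and idx not in duplicates:
            duplicates.append(idx)
        by_index[idx] = (name, value)  # assumption: the last definition of an index wins
    return dict(by_index.values()), duplicates


def check_proxy_config(text: str) -> list[str]:
    """Return configuration problems; an empty list means the proxy settings are consistent."""
    props, duplicates = parse_wrapper_conf(text)
    problems = [f"duplicate index wrapper.java.additional.{i}" for i in duplicates]
    if "https.proxyHost" not in props and "https.proxyPort" not in props:
        return problems  # no proxy configured: direct HTTPS connections are used
    for name in ("https.proxyHost", "https.proxyPort"):
        if not props.get(name):
            problems.append(f"missing {name}")
    port = props.get("https.proxyPort", "")
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"invalid https.proxyPort {port!r}")
    present = [n for n in PROXY_AUTH if n in props]
    if 0 < len(present) < len(PROXY_AUTH):
        problems.append("https.proxyUserName and https.proxyUserPassphrase must be set together")
    return problems


# Constructed sample: index 21 is reused, so the proxy port definition is lost
SAMPLE_CONF = """\
# Enable HTTPS proxy
wrapper.java.additional.20=-Dhttps.proxyHost=proxy.example.internal
wrapper.java.additional.21=-Dhttps.proxyPort=3128
wrapper.java.additional.21=-Dhttp.nonProxyHosts=*.intranet.example
wrapper.java.additional.22=-Dhttps.proxyUserName=svc-oauth
"""
```

Because USER_PASSPHRASE is stored in clear text in etc/wrapper.conf, restrict read access to that file to the account that runs the Services container.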