Installing and Configuring OAuth

The OAuth server consists of a web server component and a password exit component. The OAuth configuration is stored in several configuration files and in the password exit component. This topic covers the steps for installing and configuring the OAuth server for the ServiceNow Service Connector (SNSC).

Prerequisites:

In the configuration steps, you will need to provide two encryption key values that will be used later for the validation encryption. Therefore, before you begin this configuration, it would be helpful (although not necessary) to get a tool that generates random hexadecimal key values.

A general note about configuration files:

Some configuration files are delivered with the extension ".sample" to ensure that your existing configuration files will not be overwritten when you update your components. If a configuration file has this extension, remove it from the file name. Otherwise, the configuration will not go into effect.

To Install and Configure the OAuth Server

  1. Install the OAuth Server in your Tomcat installation.
    1. Go to the location of your downloaded Automic Automation installation package.
    2. Open the folder <Automic Automation Installation>\Tools\OAuth.
    3. Copy oauth_server.war and paste it in the webapps folder in your Tomcat installation (for example, <Tomcat installation path>\webapps).
  2. Prepare two random hexadecimal strings, one that is 32 characters long and one that is 16 characters long.

    You need to provide these two strings for key values in the configuration.properties file and, in a later step, for the AES encryption.

    Note: You can do this best with a tool that can generate random hexadecimal strings. (You can search online for "random hexadecimal string generator" to find tools such as https://onlinerandomtools.com/generate-random-hexadecimal-numbers.)

  3. Define the parameters of the configuration.properties file for the OAuth server.

    In the <Tomcat installation path>\webapps\oauth-server\WEB-INF\classes\config folder, open the configuration.properties file and edit it. For details, see configuration.properties for OAuth.

    | Parameter | Type | Description |
    | --- | --- | --- |
    | Encryption.Key | String | Secret key to be used for AES encryption. It is also called the "Secret Key." Important: This must be exactly 32 hexadecimal characters (0 through F). Note: You can use a tool to generate this encryption key. |
    | Encryption.IV | String | Initialization vector (IV) for the AES encryption. Important: This must be exactly 16 hexadecimal characters (0 through F). Note: You can use a tool to generate this value. |
    | AutomationEngine.System | String | Name of the AE system that validates the logins |
    | AutomationEngine.AEUser | String | Name of the technical AE user for the internal processing. Format: user_name/department. Example: OAUTH_SERVER_USER/MYDEPARTMENT |
    | AutomationEngine.AEPassword | String | Password for the technical AE user |
    | AccessToken.CacheTimeout | Number | Number of seconds that the OAuth server keeps a token validation result in its memory. Default: 30 |
    | ValidationEndpoint.Username | String | User name for the basic authentication for the validation endpoint. Note: This must be the same user name as the one specified in the Password Exit INI file. |
    | ValidationEndpoint.Password | String | Password for the basic authentication for the validation endpoint. Note: This must be the same password as the one specified in the Password Exit INI file, and it must be in plain text (not encrypted). |

    Example

    Encryption.Key = B174A26A71490437AA024E4FADD5B497
    Encryption.IV = 9E892875A52C59A3

    AutomationEngine.System = AE11
    AutomationEngine.AEUser = OAUTH_SERVER_USER/MYDEPARTMENT
    AutomationEngine.AEPassword = 123

    AccessToken.CacheTimeout = 30
    ValidationEndpoint.Username = User1
    ValidationEndpoint.Password = PWord

  4. Define the parameters that control the OAuth logging.

    In the <Tomcat installation path>\webapps\oauth-server\WEB-INF\classes\config folder, you will find two logback files. Open and edit each of them. For details, see logback*.xml Files for OAuth. Both files have the same configuration parameters, but they serve different purposes:

    • logback.xml for the main log
    • logback-access.xml for the request/response log

    | Name | Description | Xml Element |
    | --- | --- | --- |
    | Current log location | Name of the current on-going log file | /configuration/.../file. Default: <Tomcat installation path>/logs/oauth-server.log |
    | Archived log location | Archived log location and file name pattern | /configuration/.../fileNamePattern. Default: <Tomcat installation path>/logs/oauth-server*.log |
    | Max History | The number of archived logs to be kept | /configuration/.../maxHistory. Default: 30 |
    | Loggers | Log level for special package | /configuration/logger. Default: level="info". Note: For bug reporting, change this to level="trace". |
    | Root level | Default log level of all loggers | /configuration/root. Default: level="warn" |
    | Appenders | Log appenders | /configuration/root/appender-ref. Defaults: ref="CONSOLE", ref="FILE" |

  5. Configure the connection between the Automation Engine (AE) and the OAuth server. You do this in the uc4config.xml file.

    In installations with Tomcat, you will find uc4config.xml in the <Tomcat installation path>\webapps\oauth-server\WEB-INF\classes\config folder.

    The parameters for configuring the connection between the AE and OAuth are the same as those you use to define the connection between the AE and AWI. For OAuth, adapt uc4config.xml to your environment as follows:

    Sample configuration

    <configuration>
      <connections>
        <connection name="UC4" system="UC4">
          <cp ip="vviecapam01" port="8443"/>
        </connection>
        <trustedCertFolder>C:\AWA\truststore</trustedCertFolder>
      </connections>
    </configuration>
    

    For more information, see uc4config.xml - Configuring the Connection Between AWI and AE.

    Note: You can also find the Automic Automation product documentation on docs.automic.com.

You have completed installing and configuring the OAuth Server.
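
The following check is an added example, not part of the product or its documentation: it generates the two values from step 2 locally with the operating system's random number generator, so the secrets never pass through a third-party website, and verifies the Encryption.Key and Encryption.IV entries from step 3. The function names and the simple "name = value" parser are assumptions made for illustration.

```python
import re
import secrets

# Example values printed in the sample configuration.properties on this page.
# They are public, so a live configuration must not reuse them.
DOC_SAMPLE_VALUES = {"B174A26A71490437AA024E4FADD5B497", "9E892875A52C59A3"}
# Required lengths in hexadecimal characters, from the parameter table.
HEX_LENGTHS = {"Encryption.Key": 32, "Encryption.IV": 16}


def generate_values():
    """Return fresh values from the OS CSPRNG (token_hex(n) yields 2*n hex chars)."""
    return {name: secrets.token_hex(length // 2).upper()
            for name, length in HEX_LENGTHS.items()}


def parse_properties(text):
    """Parse simple 'name = value' lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        props[name.strip()] = value.strip()
    return props


def check_config(props):
    """Return a list of findings for the Encryption.* settings (empty list = OK)."""
    findings = []
    for name, length in HEX_LENGTHS.items():
        value = props.get(name)
        if value is None:
            findings.append(f"{name}: missing")
        elif not re.fullmatch(rf"[0-9A-Fa-f]{{{length}}}", value):
            findings.append(f"{name}: must be exactly {length} hexadecimal characters")
        elif value.upper() in DOC_SAMPLE_VALUES:
            findings.append(f"{name}: value copied from the documentation example")
    return findings


# Constructed sample input: the Encryption.* lines from the example on this page.
SAMPLE = """Encryption.Key = B174A26A71490437AA024E4FADD5B497
Encryption.IV = 9E892875A52C59A3
"""

if __name__ == "__main__":
    print(check_config(parse_properties(SAMPLE)), generate_values())
```

Run it against the contents of your own configuration.properties before starting Tomcat; an empty findings list means both values have the required length and are not the published examples.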

Next Steps: Install and configure Password Exit. For instructions, see Installing and Configuring a Password Exit.