Credential Administration
Introspection credentials are generated by the IAM service when creating a resource provider. The proton server task and the oauth-dsapi filter use introspection credentials when validating and decoding OAuth access tokens. Introspection credentials are stored in the Domino credential store and referenced by name: "DEFAULT" for oauth-dsapi and "proton" for the proton server task. See Act-as-User for more options on proton configuration.
The oauthcfg tool provides the ability to add, delete and list credentials from the credential store. If using a credential store on a Domino cluster, changes only need to be made on one of the cluster members.
Credential Management - Linux
Adding credentials
Add credentials named <name> where <resource provider ID> and <resource provider secret> are the values presented by the IAM resource provider configuration. <domino-iam-service host> is the hostname of the IAM service.
Note: Before Domino 11, the bin directory was in /opt/ibm/domino/
cd /local/notesdata
/opt/hcl/domino/bin/tools/startup /opt/hcl/domino/notes/latest/linux/oauthcfg create <name> <resource provider ID> <resource provider secret> <https://<domino-iam-service host>/token/introspection>
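The wrapper below is an added example, not part of the product documentation: it rejects a non-HTTPS introspection endpoint and prompts for the resource provider secret without echo before running the oauthcfg create command above. The function names, and the assumption that the whole pre-Domino 11 tree (not only bin) sits under /opt/ibm/domino, are this example's own.

```bash
#!/usr/bin/env bash
# Added example: validate inputs, then call oauthcfg create the way the page does.
# Paths come from the page; the function names are this example's own.
DATA_DIR=/local/notesdata

# Pick the install prefix: /opt/hcl/domino on Domino 11+, /opt/ibm/domino before.
# Assumption: before Domino 11 the whole tree, not only bin, is under /opt/ibm/domino.
domino_prefix() {
  local root="${1:-}"   # optional filesystem root, only used for testing
  if [ -x "$root/opt/hcl/domino/bin/tools/startup" ]; then
    echo "$root/opt/hcl/domino"
  elif [ -x "$root/opt/ibm/domino/bin/tools/startup" ]; then
    echo "$root/opt/ibm/domino"
  else
    return 1
  fi
}

# Require a non-empty name without spaces and an HTTPS introspection endpoint,
# since the stored credentials are used to call that endpoint.
validate_args() {
  local name="$1" url="$2"
  case "$name" in
    ''|*' '*) echo "credential name must be non-empty, without spaces" >&2; return 1 ;;
  esac
  case "$url" in
    https://?*/token/introspection) return 0 ;;
    *) echo "endpoint must be https://<host>/token/introspection" >&2; return 1 ;;
  esac
}

add_introspection_credential() {
  local name="$1" rp_id="$2" url="$3" prefix secret
  validate_args "$name" "$url" || return 1
  prefix=$(domino_prefix) || { echo "Domino install not found" >&2; return 1; }
  # Prompt without echo so the secret is not typed into shell history.
  # oauthcfg still receives it as an argument, so it is visible in the process list while it runs.
  read -r -s -p "Resource provider secret: " secret
  echo
  ( cd "$DATA_DIR" &&
    "$prefix/bin/tools/startup" "$prefix/notes/latest/linux/oauthcfg" create "$name" "$rp_id" "$secret" "$url" )
}

# Usage: ./add-cred.sh <name> <resource provider ID> <introspection URL>
if [ "$#" -eq 3 ]; then add_introspection_credential "$@"; fi
```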
Removing credentials
Delete introspection configuration matching <name>.
Note: Before Domino 11, the bin directory was in /opt/ibm/domino/
cd /local/notesdata
/opt/hcl/domino/bin/tools/startup /opt/hcl/domino/notes/latest/linux/oauthcfg delete <name>
Listing credentials
List introspection configurations matching <name>. Blank <name> lists all.
Note: Before Domino 11, the bin directory was in /opt/ibm/domino/
cd /local/notesdata
/opt/hcl/domino/bin/tools/startup /opt/hcl/domino/notes/latest/linux/oauthcfg list <name>
Credential Management - Windows
Adding credentials
Add credentials named <name> where <resource provider ID> and <resource provider secret> are the values presented by the IAM resource provider configuration. <domino-iam-service host> is the hostname of the IAM service.
cd <notes.ini-location>
\<domino-program-directory>\oauthcfg create <name> <Resource Provider ID> <Resource Provider Secret> <https://<domino-iam-service host>/token/introspection>
Deleting credentials
Delete introspection configuration matching <name>.
cd <notes.ini-location>
\<domino-program-directory>\oauthcfg delete <name>
Listing credentials
List introspection configurations matching <name>. Blank <name> lists all.
cd <notes.ini-location>
\<domino-program-directory>\oauthcfg list <name>