Introspection Credentials
Introspection credentials are generated by the IAM service when creating a resource provider. The proton server task and the oauth-dsapi filter use introspection credentials when validating and decoding OAuth access tokens. Introspection credentials are stored in the Domino credential store and referenced by name: "DEFAULT" for oauth-dsapi and "proton" for the proton server task. See Act as User for more options on proton configuration.
The oauthcfg tool provides the ability to add, delete and list credentials from the credential store. If using a credential store on a Domino cluster, changes only need to be made on one of the cluster members.
Credential Management - Linux
Adding credentials
Add credentials named <name> where <resource provider ID> and <resource provider secret> are the values presented by the IAM resource provider configuration. <domino-iam-service host> is the hostname of the IAM service.
Note: Before Domino 11, the bin directory was in /opt/ibm/domino/
cd /local/notesdata
/opt/hcl/domino/bin/tools/startup /opt/hcl/domino/notes/latest/linux/oauthcfg create <name> <resource provider ID> <resource provider secret> <https://<domino-iam-service host>/token/introspection>
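A wrapper around the Linux oauthcfg create invocation above, added here as an example and not part of the HCL tooling: it checks the name and introspection URL before anything is stored and reads the resource provider secret from a no-echo prompt instead of the typed command line. The function names, the DRY_RUN switch and the validation rules are assumptions of this example; the paths are the Domino 11+ paths from this page.

```shell
#!/bin/sh
# Added example, not HCL code. Paths are the Domino 11+ Linux paths from this
# page; function names, DRY_RUN and the validation rules are assumptions.
STARTUP=/opt/hcl/domino/bin/tools/startup
OAUTHCFG=/opt/hcl/domino/notes/latest/linux/oauthcfg
DATA_DIR=/local/notesdata

# Fail before anything is written to the credential store.
# Functions use ( ) bodies, so variables stay local and exit only ends the call.
check_introspection_args() (
  name=$1 rp_id=$2 url=$3
  case $name in
    ''|*[!A-Za-z0-9._-]*) echo "bad credential name: '$name'" >&2; exit 1 ;;
  esac
  [ -n "$rp_id" ] || { echo "resource provider ID is empty" >&2; exit 1; }
  # Only https://<host>[:port]/token/introspection is accepted.
  case $url in
    https://*/token/introspection) ;;
    *) echo "URL must be https://<host>/token/introspection" >&2; exit 1 ;;
  esac
  host=${url#https://}
  host=${host%/token/introspection}
  case $host in
    ''|*[!A-Za-z0-9.:-]*) echo "bad IAM host: '$host'" >&2; exit 1 ;;
  esac
)

add_introspection_credential() (
  name=$1 rp_id=$2 url=$3
  check_introspection_args "$name" "$rp_id" "$url" || exit 1
  # Read the secret from stdin with echo off, so it never lands in shell
  # history or terminal scrollback.
  if [ -t 0 ]; then printf 'Resource provider secret: ' >&2; stty -echo; fi
  IFS= read -r secret || true
  if [ -t 0 ]; then stty echo; echo >&2; fi
  [ -n "$secret" ] || { echo "secret is empty" >&2; exit 1; }
  if [ "${DRY_RUN:-0}" = 1 ]; then
    # Show the command that would run, with the secret masked.
    printf '%s %s create %s %s ******** %s\n' \
      "$STARTUP" "$OAUTHCFG" "$name" "$rp_id" "$url"
    exit 0
  fi
  # oauthcfg takes the secret as an argument, so it is still visible in the
  # local process list while the command runs.
  cd "$DATA_DIR" && "$STARTUP" "$OAUTHCFG" create "$name" "$rp_id" "$secret" "$url"
)
```

Source the file, then call add_introspection_credential DEFAULT <resource provider ID> https://<domino-iam-service host>/token/introspection and enter the secret at the prompt; set DRY_RUN=1 to preview the command first.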
Removing credentials
Delete introspection configuration matching <name>.
Note: Before Domino 11, the bin directory was in /opt/ibm/domino/
cd /local/notesdata
/opt/hcl/domino/bin/tools/startup /opt/hcl/domino/notes/latest/linux/oauthcfg delete <name>
Listing credentials
List introspection configurations matching <name>. Blank <name> lists all.
Note: Before Domino 11, the bin directory was in /opt/ibm/domino/
cd /local/notesdata
/opt/hcl/domino/bin/tools/startup /opt/hcl/domino/notes/latest/linux/oauthcfg list <name>
Credential Management - Windows
Adding credentials
Add credentials named <name> where <resource provider ID> and <resource provider secret> are the values presented by the IAM resource provider configuration. <domino-iam-service host> is the hostname of the IAM service.
cd <notes.ini-location>
\<domino-program-directory>\oauthcfg create <name> <Resource Provider ID> <Resource Provider Secret> <https://<domino-iam-service host>/token/introspection>
Deleting credentials
Delete introspection configuration matching <name>.
cd <notes.ini-location>
\<domino-program-directory>\oauthcfg delete <name>
Listing credentials
List introspection configurations matching <name>. Blank <name> lists all.
cd <notes.ini-location>
\<domino-program-directory>\oauthcfg list <name>