Disabling OAuth authorization

The OAuth authorization framework is configurable and can be disabled, although not recommended. Disable OAuth only if you have a specific reason for doing so.

About this task

This procedure disables OAuth authorization for the Model Service. RWS strongly recommends against disabling OAuth authentication, especially in a production environment.

Procedure

  1. Disable OAuth in the Model Service.
    1. Open the following file for editing:
      cis\dxa-model-service\standalone\config\cd_ambient_conf.xml
    2. Edit the following elements:
      • Security - set the OAuthEnabled attribute to false
      • Rules - set the Enabled attribute to false
    3. Save and close the file.
  2. Remove the ID and password for Model Service.
    1. Open cd_client_conf.xml for editing.
    2. Comment out the TokenService element.
    3. Save and close the file.
  3. For every Java/JSP client or API, disable the TokenService parameter.
    1. Open cd_client_conf.xml for editing.
    2. In each file, comment out the TokenService element.
    3. Save and close the file.
  4. For every .NET client or API, disable the oauth-enabled attribute in the application settings element.
    1. From the root folder of your .NET web application, open Web.config for editing.
    2. Find the oauth-enabled add key attribute, and set its value to false.
    3. Save and close the file.
  5. Restart the Model Service.
  6. Restart all clients and APIs.