

Copy and Modify the Open Format Expression File (Optional)

The openformatexpression.conf file enables OAuth self-registration. To configure this file, first generate an encrypted password key; the system uses the password and key during OAuth self-registration. Then, modify the openformatexpression.conf properties file.

Note: You need to configure the openformatexpression.conf file only if you want to enable self-registration for your environment.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Go to your base Policy Server installation path.

    Example: /opt/CA/siteminder/

    Where siteminder is the folder where the Policy Server is installed.

  3. Enter the following:

    source ca_ps_env.ksh

  4. Go to the bin folder.
  5. Enter the following:

    ./OpenFormatEncPwd.sh password

    where password is a password that you select.

    The system returns an encrypted value for the password you enter. Write down the password you chose, and the exact encrypted value.

  6. Navigate to the following location:
    siteminder_home/config/properties
    
    siteminder_home

    Specifies the Policy Server installation path.

    Example: /opt/CA/siteminder/config/properties

  7. Copy the openformatexpression.conf file and name the copy to reflect the tenant.

    Examples:

  8. In the file copy, add or modify the following settings:

    EncryptionTransform=AES256/CBC/PKCS5Padding

    EncryptionKey=<encrypted password value>

    SessionStore=false

    Prefix=SM_

    claim_given_name=first_name,given_name

    claim_family_name=last_name,family_name

    claim_email=mail,email

    claim_name=email,name

    TimeToLive=300

    Prefix=SMAUTHOAUTH_

    claim_ID=ID

    claim_name=MAIL,EMAIL,USERNAME,NAME

    encrypted password value

    Is the exact encrypted value that you created previously.

  9. Save and close the file.
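
One way to check the finished tenant copy before it is put into service, as an added example that is not part of the vendor documentation. The function names `check_openformat_conf` and `conf_get` are hypothetical, the sample file is constructed, and the file-permission check is a hardening assumption rather than a step from this procedure.

```shell
#!/bin/sh
# Added example: sanity-check a tenant copy of openformatexpression.conf.
# Prints one line per problem found and returns non-zero if there is any.

# Print the last value assigned to key $2 in file $1 (keys may repeat).
conf_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

check_openformat_conf() {
    conf=$1 rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    key=$(conf_get "$conf" EncryptionKey)
    case $key in
        '')      echo "EncryptionKey is missing or empty"; rc=1 ;;
        '<'*'>') echo "EncryptionKey still holds the placeholder text"; rc=1 ;;
    esac

    [ "$(conf_get "$conf" EncryptionTransform)" = "AES256/CBC/PKCS5Padding" ] ||
        { echo "EncryptionTransform is not AES256/CBC/PKCS5Padding"; rc=1; }

    case $(conf_get "$conf" TimeToLive) in
        ''|*[!0-9]*) echo "TimeToLive is missing or not a whole number"; rc=1 ;;
    esac

    # Assumption (hardening, not a step on the page): the file holds key
    # material, so it should not be readable or writable by "other" users.
    if [ -n "$(find "$conf" -prune \( -perm -004 -o -perm -002 \))" ]; then
        echo "file is accessible to other users; consider chmod 640"; rc=1
    fi
    return $rc
}

# Constructed sample: a tenant copy that still has the placeholder key.
demo=$(mktemp)
cat > "$demo" <<'EOF'
EncryptionTransform=AES256/CBC/PKCS5Padding
EncryptionKey=<encrypted password value>
TimeToLive=300
EOF
chmod 600 "$demo"
check_openformat_conf "$demo" || echo "fix the problems above"
rm -f "$demo"
```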