Page created: 12 Sep 2019 |
Page updated: 19 Mar 2020
Use the OAuth Server menu to configure various settings to support the grant types that your applications require.
- Configure the authorization server (AS) settings in the screen.
- Define any number of optional common scopes and exclusive scopes, create scope groups from any optional scopes as needed, and enter an optional description for the default scope using the configuration wizard.
- Create one or more access token management instances using the configuration wizard. This is where you define the access token attribute contract for any given access token management instance.
- Configure one or more entries to map attributes from authentication sources to the persistent grants.
- Authorization Code or Implicit
- Map attributes from an IdP adapter instance to the persistent grants using the configuration wizard.
- Map attributes from an IdP connection to the persistent grants using the configuration wizard.
- Create an authentication policy contract (APC) using the Policy Contracts configuration wizard, define an authentication policy to map attributes from the authentication sources (IdP adapter instances, IdP connections, or both) to the APC, and map attributes from the APC to the persistent grants using the configuration wizard.
Tip: If you are using a combination of authentication policies, APCs, and APC mappings, you can skip the IdP Adapter Mapping and OAuth Attribute Mapping configurations.
- Resource Owner Password Credentials
- Map attributes from a password credential validator instance to the persistent grants using the configuration wizard.
Note that this is the first stage of the two-stage access token mapping process through the persistent grants.
- Configure one or more entries to map attributes from the persistent grants (or the authentication sources directly) to the attribute contract of your access token management instances using the configuration wizard. Additionally, you can configure a mapping for clients using the client credential grant type.
Note that this is the second stage of the two-stage access token mapping process through the persistent grants.
(For more information about the access token mapping process, see Mapping OAuth attributes.)
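The two-stage mapping above (authentication source to persistent grant, then persistent grant to the access token attribute contract, with client-credentials clients mapped directly) can be modelled as a small pipeline. The following is an added illustration, not PingFederate code: the class, function and attribute names are hypothetical (only USER_KEY echoes the page's notion of the grant's user identifier), the two "sources", the token contract and the client registry are constructed, and the point shown is that a required contract attribute that no source supplies fails the mapping rather than silently producing a token with a gap.

```python
"""Toy model of the two-stage OAuth attribute mapping (added example, not
PingFederate code; all names, contracts and sample values are constructed)."""

from dataclasses import dataclass


class MappingError(ValueError):
    """Raised when a required contract attribute cannot be fulfilled."""


@dataclass(frozen=True)
class PersistentGrant:
    client_id: str
    scopes: frozenset
    attributes: dict  # stage-1 output: the persistent grant's attribute contract


# Persistent grant attribute contract; USER_KEY identifies the resource owner.
GRANT_CONTRACT = ("USER_KEY", "department", "groups")

# Stage 1: authentication source attribute -> persistent grant attribute,
# one mapping per source (IdP adapter instance, IdP connection, APC, or
# password credential validator).  Source names here are hypothetical.
GRANT_MAPPINGS = {
    "HTMLFormAdapter": {"USER_KEY": "username", "department": "dept", "groups": "memberOf"},
    "LDAPPasswordCredentialValidator": {"USER_KEY": "uid", "department": "ou", "groups": "memberOf"},
}

# Attribute contract of one (hypothetical) access token management instance.
TOKEN_CONTRACT = ("sub", "dept", "client_id", "scope")

# Stage 2: persistent grant attribute -> access token attribute.  client_id
# and scope are taken from the grant itself rather than its mapped attributes.
TOKEN_MAPPING = {"sub": "USER_KEY", "dept": "department"}

# Constructed client registry used by the client-credentials mapping.
CLIENTS = {"batch-job": {"department": "service-accounts"}}


def map_to_persistent_grant(source, source_attrs, client_id, scopes):
    """Stage 1: build a persistent grant from an authentication source's attributes."""
    mapping = GRANT_MAPPINGS[source]
    attrs = {}
    for grant_attr in GRANT_CONTRACT:
        source_attr = mapping[grant_attr]
        if source_attr not in source_attrs:
            raise MappingError(f"{source} supplied no '{source_attr}' for grant attribute {grant_attr}")
        attrs[grant_attr] = source_attrs[source_attr]
    return PersistentGrant(client_id, frozenset(scopes), attrs)


def map_to_access_token(grant):
    """Stage 2: fill the access token contract from the persistent grant."""
    token = {}
    for token_attr in TOKEN_CONTRACT:
        if token_attr == "client_id":
            token[token_attr] = grant.client_id
        elif token_attr == "scope":
            token[token_attr] = " ".join(sorted(grant.scopes))
        else:
            grant_attr = TOKEN_MAPPING[token_attr]
            if grant_attr not in grant.attributes:
                raise MappingError(f"grant has no '{grant_attr}' for token attribute {token_attr}")
            token[token_attr] = grant.attributes[grant_attr]
    return token


def map_client_credentials_token(client_id, scopes):
    """Client credentials grant: there is no resource owner and no persistent
    grant, so the token contract is filled from the client's registration."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise MappingError(f"unknown client {client_id}")
    return {
        "sub": client_id,
        "dept": client["department"],
        "client_id": client_id,
        "scope": " ".join(sorted(scopes)),
    }


if __name__ == "__main__":
    grant = map_to_persistent_grant(
        "HTMLFormAdapter",
        {"username": "alice", "dept": "finance", "memberOf": ["staff"]},
        "web-app", {"openid", "profile"})
    print(map_to_access_token(grant))
    print(map_client_credentials_token("batch-job", {"reports:read"}))
```

The grant contract carries `groups` that the token contract never uses, which mirrors the page's point that the two contracts are defined independently; stage 2 only pulls what the token management instance declares.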
- For the client-initiated backchannel authentication (CIBA) flow, configure one or more CIBA authenticator instances and then one or more CIBA request policies.
- For the JWT Bearer or SAML 2.0 Bearer assertion grants flow, configure a mapping in the screen.
Note that this use case exchanges a JWT or a SAML assertion for an OAuth access token.
- Define one or more OpenID Connect policies using the configuration wizard if you support OpenID Connect use cases and the OpenID Connect protocol is enabled in the screen.
- Create one or more OAuth clients in the screen.
- Optional: Configure client settings and registration policies for dynamic client registration.
- Optional: Configure client session management settings.