Software AG Products 10.7 | Administering Integration Server | Configuring OAuth | Configuring Integration Server for OAuth
 
Configuring Integration Server for OAuth
 
Configuring OAuth Settings
Defining Clients
Defining Scopes
Associating Scopes and Clients
Managing Tokens
Customizing the Approval Page
Before you can begin to use OAuth in your Integration Server environment, you need to specify settings for the authorization server and/or resource server, depending on which role the Integration Server plays in you OAuth solution. When the authorization server and resource server are configured, you can start registering clients and managing your OAuth scopes.
The following table describes the basic stages for configuring Integration Server for OAuth.
Stage 1
Configure OAuth settings.
During this stage, you configure the OAuth settings on Integration Server. Integration Server is configured to use certain OAuth settings by default. For information about configuring these settings to reflect those for your system, see Configuring OAuth Settings.
Note:
This stage primarily applies to an Integration Server being used as an authorization server. However, if the Integration Server is acting as the resource server, you must use the Authorization server field on the Security> OAuth > Edit OAuth Global Settings page to identify the authorization server for the resource server.
Stage 2
Define clients.
During this stage, you define the clients that are authorized to access the authorization server and specify which grant types they can use. For information about registering, modifying, and deleting clients, see Defining Clients.
When using Integration Server as the authorization server, the Integration Server and the resource server need to have the same resource owners. This requirement does not apply when using an external authorization server or if all of your clients will use the client credentials grant type.
If you are using Integration Servers for the authorization and resource servers, you can define the client_id values on one Integration Server and then deploy the values to the other Integration Server.
For clients that use the client credentials grant, the user accounts associated with the clients need to be on the authorization server and the resource server.
Stage 3
Define scopes.
During this stage, you define the scopes available for the clients to access. For information about adding, modifying, and deleting scopes, see Defining Scopes.
Your authorization server and resource server must have the same scope names. You can define the scope names on each server. Or, if you are using Integration Servers for the authorization and resource servers, you can define the scopes on one Integration Server and then deploy the values to the other Integration Server.
Stage 4
Associate scopes to clients and vice versa.
During this stage, you associate scopes to clients. When you associate scopes and clients, you authorize the scopes that each client can access. For information about adding, removing, and viewing the associations between scopes and clients, see Associating Scopes and Clients.
Note:
This stage applies to an Integration Server being used as an authorization server only. You do not need to complete this stage for an Integration Server being used as a resource server.
Stage 5
If you want to prevent specific client applications from accessing resources after the authorization server has granted an access token, you can do either of the following:
*On the authorization server, delete the active access and refresh tokens granted for that client application. For information about viewing and deleting tokens, see Managing Tokens.
*On the resource server, disable the client application. For information about disabling client applications, see Enabling and Disabling Clients.