Applications authenticating against an OAuth 2.0 AS now require a corresponding authentication flow (previously configured via "OAuth 2.0 AS Access Config").
Creating a new authentication flow requires the following steps:
Prerequisites
- The authorization server must already be configured.
Target application
1. Go to Loginapp >> Authentication Flows
2. Create a new Target Application in the Applications section
3. Configure Application ID and Application Selector
4. Create an OAuth 2.0/OIDC ID Propagator plugin
5. Optionally configure Airlock Gateway (WAF) Mapping Roles (Credentials)
Result: the target application is configured with identity propagation but without an authentication flow yet.
Authentication flow
1. Go to Loginapp >> Authentication Flows >> your target application
2. Create an Authentication Flow plugin with the following properties:
   - Start the flow with a user-identifying step (e.g. Password Authentication Step)
   - Optionally add additional authentication steps (e.g. Airlock 2FA Step for Authentication)
   - Configure the flow to provide the authenticated tag on success
   - Optionally add a skip condition for the authenticated tag, so that steps are not repeated for a session that already carries the tag
   - Add an OAuth 2.0 Consent Step after the authentication steps
3. Add tags and conditions based on your previous configuration of "Role Transformation Rules" and "Specific Access Policy" in "OAuth 2.0 AS Access Config"
Authorization flow
1. Optionally, configure an authorization flow including the following steps, based on your previous configuration in "OAuth 2.0 AS Access Config":
   - "Required Role Step"
   - "Terms of Service Step"
Authorization server
1. Go to Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-ID}} >> OIDC Authorization Code Flow
2. In the Flow Settings section, configure the Flow Application ID with the previously configured Application ID of the target application
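To make the interplay of steps, tags, skip conditions and the consent step concrete, the following toy model is added here as an illustration. It is not Airlock IAM code and does not reflect its internal API; the user store, step names, the constructed second-factor code and the "premium" role are all assumptions made for the example. The model shows three behaviours the procedure above relies on: the authenticated tag is granted only when the whole authentication flow succeeds, a session that already carries the tag skips the identifying and second-factor steps but still passes the consent step, and the authorization flow's Required Role Step denies a user whose roles do not match.

```python
"""Toy model of tag-based authentication/authorization flows (added example, not Airlock IAM code)."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample user store for the example; not real credentials.
USERS = {
    "alice": {"password": "pw-alice", "roles": {"customer", "premium"}},
    "bob": {"password": "pw-bob", "roles": {"customer"}},
}


@dataclass
class Session:
    user: Optional[str] = None
    roles: set = field(default_factory=set)
    tags: set = field(default_factory=set)
    consented: bool = False
    trace: list = field(default_factory=list)  # names of the steps that actually ran


@dataclass
class Step:
    name: str
    run: Callable[[Session, dict], bool]           # True on success, False denies the flow
    skip_if: Optional[Callable[[Session], bool]] = None   # skip condition, evaluated before running


@dataclass
class Flow:
    steps: list
    provides: set = field(default_factory=set)     # tags granted only when every step succeeded


def run_flow(flow: Flow, session: Session, request: dict) -> bool:
    """Run steps in order; a step whose skip condition holds is skipped,
    the first failing step denies the flow, and tags are granted at the end."""
    for step in flow.steps:
        if step.skip_if is not None and step.skip_if(session):
            continue
        session.trace.append(step.name)
        if not step.run(session, request):
            return False
    session.tags |= flow.provides
    return True


def password_step(session, request):
    user = USERS.get(request.get("username"))
    if user is None or user["password"] != request.get("password"):
        return False
    session.user = request["username"]
    session.roles = set(user["roles"])
    return True


def second_factor_step(session, request):
    # Stands in for a second-factor verification; the sample accepts one constructed code.
    return request.get("otp") == "123456"


def consent_step(session, request):
    # Consent is only meaningful for an identified user, which is why it follows the auth steps.
    if session.user is None:
        return False
    session.consented = bool(request.get("consent", False))
    return session.consented


def required_role_step(role):
    def _run(session, request):
        return role in session.roles
    return _run


def already_authenticated(session):
    return "authenticated" in session.tags


AUTHENTICATION_FLOW = Flow(
    steps=[
        Step("Password Authentication Step", password_step, skip_if=already_authenticated),
        Step("Airlock 2FA Step", second_factor_step, skip_if=already_authenticated),
        Step("OAuth 2.0 Consent Step", consent_step),
    ],
    provides={"authenticated"},
)

# Assumed authorization flow: the application requires the constructed "premium" role.
AUTHORIZATION_FLOW = Flow(steps=[Step("Required Role Step", required_role_step("premium"))])


def authorize(request, session=None):
    """Run authentication first, then authorization; returns (allowed, session)."""
    session = session if session is not None else Session()
    ok = run_flow(AUTHENTICATION_FLOW, session, request) and run_flow(AUTHORIZATION_FLOW, session, request)
    return ok, session


def sso_session(username):
    """Constructed helper: a session that already carries the authenticated tag from an earlier login."""
    user = USERS[username]
    return Session(user=username, roles=set(user["roles"]), tags={"authenticated"})


if __name__ == "__main__":
    allowed, s = authorize({"username": "alice", "password": "pw-alice", "otp": "123456", "consent": True})
    print(allowed, s.trace)
```

The trace list is the interesting output: comparing the trace of a fresh session with that of a session created by `sso_session` shows exactly which steps the skip condition removed, while the consent step and the role check remain in both.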