Authorization Server configuration
The flexibility of the OAuth 2.0 and OIDC implementation in Airlock IAM results in a rather large and complex configuration. The information presented here should help navigate this complexity:
Menu Entry | Purpose
---|---
Loginapp >> OAuth 2.0/OIDC Authorization Servers | Configuration of OAuth 2.0 and OIDC. It resides directly under the Loginapp root menu.
Authorization Server | Configuration of the individual authorization servers:
OAuth 2.0 Grants/OpenID Connect Flows | Configuration of the grants and flows this authorization server supports. The current implementation does not support using OAuth 2.0 grants and OIDC flows in the same authorization server.
MAIN SETTINGS >> Application Settings >> OAuth 2.0 AS Access Configs (JSP Loginapp) | Every OAuth 2.0 AS Access Config protects the authorization code grant/flow exposed by this authorization server. OAuth 2.0 AS Access Config is evaluated after user authentication and before consent is granted and tokens are issued.
Loginapp >> Authentication Flows >> Target Application >> Authentication Flow (Flow and Loginapp REST UI) | The target application defines the authentication flow to be used for user authentication. The target application must contain an OAuth 2.0/OIDC ID Propagator. The authentication flow must contain an OAuth 2.0 Consent Step.
Loginapp >> UI Settings >> Authentication UIs (Loginapp REST UI) | To use the Loginapp REST UI with the authentication flow and the AS, an Authentication & Authorization UI must be configured.