Applications authenticating against an OAuth 2.0 AS require a corresponding authentication flow. Creating a new authentication flow involves the following steps.
Prerequisites
- The authorization server must already be configured.
Target application
- Go to Loginapp >> Applications and Authentication
- Create a new Target Application in the Applications section
- Configure Application ID and Application Selector
- Create an OAuth 2.0/OIDC ID Propagator plugin
- Optionally configure Airlock Gateway (WAF) Mapping Roles (Credentials)
- At this point the target application has identity propagation configured but no authentication flow yet
Authentication flow
- Go to Loginapp >> Applications and Authentication >> your target application
- Create an Authentication Flow plugin with the following properties:
  - Start the flow with a user-identifying step (e.g. Username Password Authentication Step)
  - Optionally add additional authentication steps (e.g. Airlock 2FA Step for Authentication)
  - Configure the flow to provide the authenticated tag on success
  - Optionally add a skip condition for the authenticated tag
  - Add an OAuth 2.0 Consent Step after the authentication steps
  - Add tags and conditions based on your previous configuration of "Role Transformation Rules" and "Specific Access Policy" in "OAuth 2.0 AS Access Config"
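The way tags, skip conditions and the consent step interact in the flow above can be hard to see from the list alone. The following is an added illustration, not Airlock IAM code: a hypothetical, simplified flow engine (`Step`, `run_flow`) that models the step names and the `authenticated` tag from the list, showing why the skip condition matters for an already-authenticated session and why the consent step must come after the tag is granted.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

AUTHENTICATED = "authenticated"  # the tag the flow above must provide on success

@dataclass
class Step:
    """One flow step (simplified model): runs unless skip_if(tags) holds,
    needs every tag in `requires`, and grants the tags in `provides`."""
    name: str
    provides: Set[str] = field(default_factory=set)
    requires: Set[str] = field(default_factory=set)
    skip_if: Callable[[Set[str]], bool] = lambda tags: False

def run_flow(steps: List[Step], session_tags: Set[str]) -> Dict[str, object]:
    """Hypothetical flow engine: walks the steps and tracks the session's tags."""
    tags = set(session_tags)
    executed: List[str] = []
    for step in steps:
        if step.skip_if(tags):          # skip condition satisfied: step is not shown
            continue
        missing = step.requires - tags
        if missing:                     # a condition on the step is not met
            return {"result": "denied", "at": step.name, "missing": missing, "executed": executed}
        executed.append(step.name)      # the user completed this step successfully
        tags |= step.provides
    return {"result": "success", "executed": executed, "tags": tags}

def is_authenticated(tags: Set[str]) -> bool:
    return AUTHENTICATED in tags

def oauth_authentication_flow(with_skip: bool = True, provide_tag: bool = True) -> List[Step]:
    """The flow from the list above: authentication steps, then the consent step.
    The two flags let the reader try the misconfigured variants."""
    skip = is_authenticated if with_skip else (lambda tags: False)
    granted = {AUTHENTICATED} if provide_tag else set()
    return [
        Step("Username Password Authentication Step", skip_if=skip),
        # the last authentication step is where the flow grants the tag on success
        Step("Airlock 2FA Step for Authentication", provides=granted, skip_if=skip),
        # consent must only be shown to an authenticated user
        Step("OAuth 2.0 Consent Step", requires={AUTHENTICATED}),
    ]

if __name__ == "__main__":
    print(run_flow(oauth_authentication_flow(), set()))                           # first login: all steps
    print(run_flow(oauth_authentication_flow(), {AUTHENTICATED}))                 # already logged in: consent only
    print(run_flow(oauth_authentication_flow(with_skip=False), {AUTHENTICATED}))  # no skip condition: re-prompted
    print(run_flow(oauth_authentication_flow(provide_tag=False), set()))          # tag never granted: consent denied
```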
Authorization flow
- Optionally, configure an authorization flow including the following steps:
  - Required Role Step
  - Terms of Service Step
Authorization server
- Go to Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-ID}} >> OIDC Authorization Code / Hybrid Flow
- In the Flow Settings section, set the Flow Application ID to the Application ID configured for the target application above