Manual Chapter: Configuring an OAuth server for APM as client and resource server
Applies To:
- 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Configuring an OAuth server for APM as client and resource server
You configure the OAuth servers that process requests from Access Policy Manager (APM).
For APM to play the role of both an OAuth client and an OAuth resource server, configure OAuth servers with the mode set to
Client + Resource Server.
- On the Main tab, click. The OAuth Server screen opens.
- In the Name field, type a name for the object.
- From the Mode list, select Client + Resource Server. APM can use this OAuth server to request access tokens and scope details, such as an email address for the user. The Client Settings and Resource Server Settings areas display.
- From the Type list, select Okta.
- From the OAuth Provider list, select the Okta OAuth provider you defined.
- From the DNS Resolver list, select a DNS resolver (or click the plus (+) icon, create a DNS resolver, and then select it).
- In the Token Validation Interval field, type a number. If you configure a per-request policy subroutine to validate the token, the subroutine repeats at this interval or at the expiry time of the access token, whichever is shorter.
- In the Client Settings area, fill in these fields. You should have gotten a client ID and client secret when you registered APM as a client of the OAuth authorization server.
  - In the Client ID field, type or paste the client ID.
  - In the Client Secret field, type or paste the secret.
  - From the Client's ServerSSL Profile Name list, select a server SSL profile.
- In the Resource Server Settings area, fill in these fields. You should have gotten an ID and secret from the OAuth authorization server when you registered APM with it. Social account providers supply only a client ID and client secret. For social account providers, use the client ID and client secret for both the client and the resource server IDs and secrets.
  - In the Resource Server ID field, type or paste the resource server ID (for an enterprise provider). For a social provider, type or paste the client ID instead.
  - In the Resource Server Secret field, type or paste the resource server secret (for an enterprise provider). For a social provider, type or paste the client secret instead.
  - From the Resource Server's ServerSSL Profile Name list, select a server SSL profile.
- Click Finished. The server displays on the OAuth Servers screen.
You can now select the OAuth server that you configured from the OAuth Client and OAuth Scope agents when you configure an access policy or a per-request policy.