Configuring OAuth - Platform - BlueCat Gateway - 20.12.1

Gateway Administration Guide

prodname
BlueCat Gateway
version_custom
20.12.1

Enabling OAuth in BlueCat Gateway allows the use of access tokens issued by the authorization server/IdP to access the Address Manager API. An access token represents the authorization of BlueCat Gateway to access the Address Manager API. Once you enable OAuth in BlueCat Gateway, you must update workflows and endpoints to use OAuth for access to the Address Manager API. Automated scripts must also be updated to use OAuth.

Important: You must configure the OAuth Settings in Address Manager before configuring OAuth in Gateway. For more information, refer to "Enabling OAuth in Address Manager" in the Address Manager Administration Guide.
  1. Log in to BlueCat Gateway.
  2. Click Administration > Configurations > SSO Configuration > OAuth Settings.
  3. Complete the following fields:
    1. Client ID - The public identifier of the application.
    2. Client Secret - The secret code known only to the application and the authorization server.
    3. Authorization endpoint - The endpoint that interacts with the resource owner (the user) and obtains the authorization grant from the protected resource.
    4. Token Endpoint - The endpoint used by the API client (BlueCat Gateway) to obtain an access token.
    5. Resource - The name of the protected resource.
    6. Username Claim - The username claim of the authorization server.
    7. Authentication Method - Select Local if the IdP does not use a UserInfo endpoint to validate a token. Select Authorization Server if the token validation occurs in the authorization server.
      Tip: ADFS uses local authentication and OneLogin uses the authorization server.
  4. If you selected Authorization Server in the Authentication Method drop-down, complete the Userinfo Endpoint field. The userinfo endpoint retrieves information about the user––this includes the group membership information and user ID.
  5. Click Save.
    Note: The Enable SSO check box appears on each tab of BlueCat Gateway's SSO Configuration workflow. Only select the check box then click Save if you have configured the Service Provider, IdP, and OAuth settings (Advanced Settings are optional).
    Important: BlueCat strongly recommends testing the OAuth environment to ensure API clients of Address Manager can obtain an access token from the authorization server. You can use an API testing tool such as Postman to test the OAuth configuration in Address Manager. For more information, go to https://learning.postman.com/docs/postman/sending-api-requests/authorization/#oauth-20.