Enabling OAuth in BlueCat Gateway allows the use of access tokens issued by the
authorization server/IdP to access the Address Manager API. An access token represents the
authorization of BlueCat Gateway to access the Address Manager API. Once you enable OAuth in
BlueCat Gateway, you must update workflows and endpoints to use OAuth for access to the
Address Manager API. Automated scripts must also be updated to use OAuth.
Important: You must configure the OAuth Settings in Address Manager
before configuring OAuth in Gateway. For more information, refer to "Enabling
OAuth in Address Manager" in the Address Manager Administration
Guide.
- Log in to BlueCat Gateway.
- Click .
- Complete the following fields:
  - Client ID - The public identifier of the application.
  - Client Secret - The secret code known only to the application and the
    authorization server.
  - Authorization endpoint - The endpoint that interacts with the resource owner
    (the user) and obtains the authorization grant from the protected resource.
  - Token Endpoint - The endpoint used by the API client (BlueCat Gateway) to
    obtain an access token.
  - Resource - The name of the protected resource.
  - Username Claim - The username claim of the authorization server.
  - Authentication Method - Select Local if the IdP does not use a UserInfo
    endpoint to validate a token. Select Authorization Server if the token
    validation occurs in the authorization server.
    Tip: ADFS uses local authentication and OneLogin uses the authorization server.
- If you selected Authorization Server in the Authentication Method drop-down,
  complete the Userinfo Endpoint field. The userinfo endpoint retrieves information
  about the user, including the group membership information and user ID.
- Click Save.
Note: The Enable SSO check box appears on each tab of BlueCat Gateway's SSO
Configuration workflow. Select the check box and click Save only if you
have configured the Service Provider, IdP, and OAuth settings (Advanced
Settings are optional).
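Before entering the Username Claim and Resource values, it helps to inspect a token that your IdP actually issues. The following is an added example, not BlueCat code: it decodes a JWT payload without verifying the signature (inspection only) and reports mismatches with the intended settings. It assumes the Resource value appears in the token's `aud` claim; `check_token`, `make_sample`, and all sample values are hypothetical and constructed.

```python
import base64
import json
import time

def decode_segment(segment):
    """Decode one base64url JWT segment; JWTs strip the '=' padding."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_token(token, username_claim, resource, now=None):
    """List mismatches between a token and the planned Gateway settings.
    Inspection only: the signature is NOT verified, so this proves no trust."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT; claims cannot be inspected"]
    try:
        claims = decode_segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    problems = []
    if not claims.get(username_claim):
        problems.append(f"username claim {username_claim!r} missing; "
                        f"token carries {sorted(claims)}")
    aud = claims.get("aud", [])  # assumption: Resource shows up in 'aud'
    audiences = aud if isinstance(aud, list) else [aud]
    if resource not in audiences:
        problems.append(f"resource {resource!r} not in aud {audiences}")
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        problems.append("token is expired or has no exp claim")
    return problems

def make_sample(claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(claims)}.placeholder"

if __name__ == "__main__":
    sample = make_sample({"upn": "jsmith@example.com",
                          "aud": "urn:example:bam", "exp": 2000000000})
    print(check_token(sample, "upn", "urn:example:bam", now=1700000000))
    print(check_token(sample, "email", "urn:example:bam", now=1700000000))
```

An empty list means the token carries the configured username claim, names the resource as an audience, and has not expired.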