Enabling OAuth in BlueCat Gateway allows the use of access
tokens issued by the authorization server/IdP to access the Address Manager API. An access
token represents the authorization of Gateway to access the Address
Manager API. Once you enable OAuth in BlueCat Gateway, you must update
workflows and endpoints to use OAuth for access to the Address Manager API. Automated
scripts must also be updated to use OAuth.
Important: You must configure the OAuth Settings in Address Manager
before configuring OAuth in Gateway. For more information,
refer to "Enabling OAuth in Address Manager" in the Address Manager
Administration Guide.
- Log in to BlueCat Gateway.
- Click .
- Complete the following fields:
  - Client ID - The public identifier of the application.
  - Client Secret - The secret code known only to the application and the authorization server.
  - Authorization endpoint - The endpoint that interacts with the resource owner (the user) and obtains the authorization grant from the protected resource.
  - Token Endpoint - The endpoint used by the API client (BlueCat Gateway) to obtain an access token.
  - Resource - The name of the protected resource.
  - Username Claim - The username claim of the authorization server.
  - Authentication Method - Select Local if the IdP does not use a UserInfo endpoint to validate a token. Select Authorization Server if the token validation occurs in the authorization server.
    Tip: ADFS uses local authentication and OneLogin uses the authorization server.
- If you selected Authorization Server in the Authentication Method drop-down, complete the Userinfo Endpoint field. The userinfo endpoint retrieves information about the user; this includes the group membership information and user ID.
- Click Save.
Note: The Enable SSO check box appears on each tab of BlueCat Gateway's SSO Configuration workflow. Select the check box and then click Save only if you have configured the Service Provider, IdP, and OAuth settings (Advanced Settings are optional).
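A pre-flight check for the values collected in the steps above, written as an added example; it is not BlueCat code and does not call any Gateway API. The dictionary keys, sample values and the host idp.example.test are assumptions, and the https requirement comes from RFC 6749 and OpenID Connect Core rather than from this page.

```python
from urllib.parse import urlsplit

# Keys mirror the field labels in the procedure above. They are hypothetical
# names chosen for this example, not a BlueCat Gateway file format or API.
REQUIRED = ("client_id", "client_secret", "authorization_endpoint", "token_endpoint",
            "resource", "username_claim", "authentication_method")
METHODS = ("Local", "Authorization Server")


def _check_url(name, value, problems):
    """Endpoints carry secrets and tokens, so require an absolute https URL."""
    parts = urlsplit(value or "")
    if parts.scheme != "https" or not parts.hostname:
        problems.append(f"{name}: must be an absolute https:// URL")


def check_oauth_settings(cfg):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = [f"{k}: missing" for k in REQUIRED if not str(cfg.get(k, "")).strip()]
    for name in ("authorization_endpoint", "token_endpoint"):
        if cfg.get(name):
            _check_url(name, cfg[name], problems)
    method = cfg.get("authentication_method")
    userinfo = cfg.get("userinfo_endpoint")
    if method and method not in METHODS:
        problems.append(f"authentication_method: expected one of {METHODS}")
    if method == "Authorization Server":
        # The Userinfo Endpoint field is only completed for this method.
        if not userinfo:
            problems.append("userinfo_endpoint: required for Authorization Server")
        else:
            _check_url("userinfo_endpoint", userinfo, problems)
    return problems


# Constructed sample values; the token endpoint uses plain HTTP on purpose.
SAMPLE = {
    "client_id": "gateway-client",
    "client_secret": "constructed-secret",
    "authorization_endpoint": "https://idp.example.test/oauth2/authorize",
    "token_endpoint": "http://idp.example.test/oauth2/token",
    "resource": "bam-api",
    "username_claim": "upn",
    "authentication_method": "Authorization Server",
}

if __name__ == "__main__":
    for line in check_oauth_settings(SAMPLE):
        print(line)
```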