Define the settings to use to extract the application users’ credentials, authenticate
their identities, and grant authorization.
About this task
User security authenticates the user. It is required for the Implicit,
Access code, and Resource owner - Password grant
types. It is not used for the Application or Resource owner -
JWT grant types.
One of the following roles is required to configure user security for a native OAuth
Provider:
- Administrator
- Owner
- Topology Administrator
- Custom role with the Settings:Manage permissions
You can select the user security settings page for a native OAuth provider immediately on
completion of the creation operation detailed in Configuring a native OAuth provider, or you
can update the user security settings for an existing native OAuth provider. If you want to update
the user security settings for an existing native OAuth provider, complete the following steps
before following the procedure described in this topic:
- Click .
- Select the required native OAuth provider.
Procedure
Perform the following steps to configure the user security settings for the OAuth Provider:
- Click User Security in the sidebar menu.
- Specify the following parameters for User Security.
Define the settings to use to extract the application users’ credentials, authenticate their
identities, and grant authorization. User Security is not required for the
Application or Resource owner - JWT grant types. Click
Next when done.
Field | Description
Identity Extraction | Determines how the user credential is extracted:
- Basic Authentication - HTTP basic authentication (requires no additional configuration)
- Default HTML Form - Use the default login form for user name and password
- Context variable - Specify which variable contains the user name and password. The API Connect OAuth context variables are listed in API Connect context variables.
- Custom HTML Form - Enter the endpoint and select an optional TLS profile for a custom HTML form. For instructions on creating a custom form, see Creating a custom HTML login form for user security.
- Redirect - If you select Redirect, enter the following parameters:
- Disabled - Do not collect the user credential
Note: If you use either the Default HTML Form or Redirect identity extraction methods, the response from the redirect endpoint must maintain the order of the query parameters before the state_nonce query parameter, otherwise the authorization fails.
Authentication | Authenticate application users with a user registry. Select an LDAP or Authentication URL user registry or create the SampleAuthURL User Registry.
Authorization | Various methods may be used to authorize application users. For a DataPower® API Gateway, the following methods for extracting the user credential are available:
- Click Save when done.
Results
Depending on the visibility setting, the OAuth Provider can be used to secure the APIs in
a catalog.
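The note on query parameter order can be checked before a login endpoint is put behind the provider. The following Python sketch is an added example, not part of the original documentation or of API Connect: it compares the parameters that precede state_nonce in the URL sent to the endpoint with those in the URL the endpoint redirects back to. The URLs, the auth_result parameter and the function names are constructed for illustration, and comparing decoded name/value pairs is an assumption about what "order" covers.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

MARKER = "state_nonce"  # query parameter named in the note


def params_before_marker(url):
    """Ordered (name, value) pairs that precede state_nonce, or None if it is absent."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    if MARKER not in names:
        return None
    return pairs[:names.index(MARKER)]


def order_preserved(sent_url, returned_url):
    """True only if both URLs carry state_nonce and the pairs before it match in order."""
    before_sent = params_before_marker(sent_url)
    return before_sent is not None and before_sent == params_before_marker(returned_url)


def append_params(url, extra):
    """Safe pattern: leave the received query string untouched and append after it."""
    parts = urlsplit(url)
    query = parts.query + ("&" if parts.query else "") + urlencode(extra)
    return urlunsplit(parts._replace(query=query))


def rebuild_sorted(url, extra):
    """Anti-pattern: round-tripping through a dict and sorting reorders the parameters."""
    parts = urlsplit(url)
    merged = dict(parse_qsl(parts.query, keep_blank_values=True))
    merged.update(extra)
    return urlunsplit(parts._replace(query=urlencode(sorted(merged.items()))))


# Constructed sample request URL (not captured from a real gateway).
SENT = ("https://gw.example.com/org/catalog/oauth/authorize"
        "?response_type=code&client_id=abc123&scope=read"
        "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb&state_nonce=N0nc3")
EXTRA = [("auth_result", "ok")]  # hypothetical parameter added by the login endpoint

if __name__ == "__main__":
    for label, build in (("append", append_params), ("sorted rebuild", rebuild_sorted)):
        returned = build(SENT, EXTRA)
        print(f"{label:15} order preserved: {order_preserved(SENT, returned)}")
```

Running the same comparison in the login endpoint's integration tests catches frameworks that silently rebuild the query string from a map.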