Processing policy for OAuth processing
Based on the AAA policy configuration, the processing policy for the DataPower® service contains a minimum of 2 or 3 rules.
The minimum number of rules depends on whether the AAA policy uses HTML forms-based authentication for identity extraction. Forms-based authentication is needed to extract the identity for the resource owner.
- If the AAA policy uses forms-based authentication, the processing policy has a minimum of three rules.
- If the AAA policy does not use forms-based authentication, the processing policy has a minimum of two rules.
Independent of the defined identity extraction methods, the direction for the processing rules in the processing policy is client to server and the request type is non-XML.
- Rules used with forms-based authentication
  If the AAA policy uses forms-based authentication, the processing policy contains the following rules in the following sequence:
  - A processing rule with a matching rule to handle favicon.ico requests from the browser.
  - A processing rule with a matching rule against the client-side URL fragments of the forms-based login policy followed by an AAA action. The AAA action in this rule handles forms-based authentication and the unauthenticated path.
  - A processing rule with a matching rule of all followed by a convert-http action and an AAA action.
    - The convert-http action transforms the data in the header and body of the message into XML for use by subsequent actions.
    - The AAA action uses the assigned AAA policy rule for authorization.
- Rules used without forms-based authentication
  If the AAA policy does not use forms-based authentication, the processing policy contains the following rules:
  - A processing rule with a matching rule to handle favicon.ico requests from the browser.
  - A processing rule with a matching rule of all followed by a convert-http action and an AAA action.
    - The convert-http action transforms the data in the header and body of the message into XML for use by subsequent actions.
    - The AAA action uses the assigned AAA policy rule for authorization.
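The sequence matters because the rule that matches all must come last, or it takes the requests meant for the favicon.ico and forms-login rules. The following Python model is an added example, not DataPower configuration or IBM code; it assumes the first matching rule handles a request, and the rule names, URL patterns, probe URLs and the empty action list on the favicon.ico rule are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed model of the three-rule policy used with forms-based
# authentication. Names and URL patterns are assumptions for illustration.
FORMS_POLICY = [
    # (rule name, match patterns, actions run by the rule)
    ("favicon", ["/favicon.ico"], []),  # actions not listed on the page
    ("forms-login", ["/LoginPage.htm", "/j_security_check"], ["aaa"]),
    ("oauth", ["*"], ["convert-http", "aaa"]),  # matching rule of all
]

# The same rules with the match-all rule moved to the front.
MISORDERED = [FORMS_POLICY[2], FORMS_POLICY[0], FORMS_POLICY[1]]

# Constructed request URLs used to exercise the policy.
PROBES = ["/favicon.ico", "/LoginPage.htm", "/j_security_check",
          "/authorize", "/token"]


def select_rule(policy, url):
    """Return (name, actions) of the first rule whose patterns match url."""
    for name, patterns, actions in policy:
        if any(fnmatchcase(url, p) for p in patterns):
            return name, actions
    return None, []


def shadowed_rules(policy, probes):
    """Return names of rules that never handle any probe they match.

    A rule is shadowed when an earlier rule wins every URL it was written
    for, which is what happens to rules placed after the match-all rule.
    """
    shadowed = []
    for name, patterns, _ in policy:
        intended = [u for u in probes
                    if any(fnmatchcase(u, p) for p in patterns)]
        wins = [u for u in intended if select_rule(policy, u)[0] == name]
        if intended and not wins:
            shadowed.append(name)
    return shadowed


if __name__ == "__main__":
    for url in PROBES:
        print(url, "->", select_rule(FORMS_POLICY, url))
    print("shadowed when misordered:", shadowed_rules(MISORDERED, PROBES))
```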