OAuth 2.0 and OIDC support
Security Access Manager supports the OAuth 2.0 protocol, including OpenID Connect.
The support is provided at both the Advanced Access Control and the Federation licensing levels.
- OAuth is an HTTP-based authorization protocol. It gives third-party applications scoped access
to a protected resource on behalf of the resource owner. It gives scoped access by creating an
approval interaction between the resource owner, client, and the resource server. It gives users the
ability to share their private resources between sites without providing user names and passwords.
Private resources can be anything, but common examples include photos, videos, and contact lists.
The implementation of OAuth 2.0 in Advanced Access Control strictly follows the OAuth 2.0 standards. For a complete description of the OAuth 2.0 specifications, see the OAuth website http://www.oauth.net.
The OAuth 2.0 implementation of Advanced Access Control also integrates with WebSphere DataPower. For more information, see DataPower Integration.
- OpenID Connect is an extension of the OAuth protocol to better support identity and
authentication. For a complete description of the OpenID Connect specifications, see the OpenID
website: http://openid.net/specs/
Note: Prior versions of Security Access Manager supported OIDC through federation support. Security Access Manager now supports OIDC through API Protection. Existing deployments of Security Access Manager OIDC federations are fully supported, but new OIDC deployments should use API Protection. For documentation on managing existing OIDC federations, see Legacy support for OpenID Connect federations.