Example combining CBA, Authentication Service Framework, and OAuth
The onboard RBA demonstration application is used to illustrate how to configure the Security Access Manager features that are discussed in previous topics for REST API client access.
The high-level tasks to enable this configuration are shown in the following list:
- Enable the onboard live demonstration application.
- Create a reverse proxy instance.
- Configure all integration options between the reverse proxy and Advanced Access Control by using the isam aac config command.
- Create a /demo junction to the localhost runtime to enable access to the "/demo/mobile-demo/rba" resource URL.
- Create the /mgaapi junction.
- Customize reverse proxy instance configuration for REST API clients.
- Set "/mgaapi/sps/apiauthsvc" as an additional EAI authentication trigger.
- Attach ACLs to junctioned resource URLs.
- Create API Protection OAuth definitions and clients.
- Attach the API Protection definition to the /demo resource.
- Create a custom context-based access policy with a TOTP authentication obligation.
- Attach the context-based access policy to the "/demo/mobile-demo/rba" resource URL.
- Create a test user.
- Initialize the TOTP shared secret for the test user.
- Use CURL to obtain an OAuth access token.
- Use CURL to access "/demo/mobile-demo/rba" with the access token.