ELM Configured with Third Party OIDC Provider - Authorization via OAuth 2.0 Workflow todo.png

Authors: ShubjitNaik
Build basis: Engineering Lifecycle Management Solution 7.0.2 and Higher

Starting CLM version 6.0 Jazz Authorization Server was introduced and when applications are configured with Jazz Security Architecture SSO enabled, they can use OpenID Connectto authenticate with each other. OpenID Connect is a simple identity protocol and open standard that is built on top of the OAuth 2.0 protocol. Review the Jazz Security Architecture on the article https://jazz.net/library/article/75

When deployed with Jazz Authorization Server (IBM Liberty OIDC feature) ELM supports OAuth 2.0. Refer the article ELM and OAuth 2.0 to understand how to use OAuth2.0 protocol flow with ELM deployed with Jazz Authorization Server.

You can configure the Jazz Authorization Server to further delegate the user authentication to your standard, corporate OIDC provider using the Liberty Social Login feature. Refer this article - Configuring ELM Authentication with a third Party OIDC provider

When the Authentication is handled by a Third Party OIDC provider, how do we use OAuth2.0 protocol flow to access ELM Protected resources? This is the focus of the article.

OAuth 2.0 - A Quick Intro

OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

Access tokens are credentials used to access protected resources. An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server.

An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types

For further details on the workflow on OAuth2.0 and different grant types review the OAuth 2.0 Framework at OAuth 2.0

In the next section we introduce how to register a new Client in Jazz Authorization Server which is configured with a Third Party OIDC Provider and Access ELM Protected resources via the Password grant type.

Configuring Application Passwords in Jazz Authorization Server

OAuth 2.0 - A Quick Intro

Heading 2 (use sentence-style capitalization)

Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text

Heading 2 (use sentence-style capitalization)

Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text

Heading 1

Related topics: Deployment web home, Deployment web home

External links:

Additional contributors: TWikiUser, TWikiUser

This topic: Deployment > WebHome > DeploymentInstallingUpgradingAndMigrating > JazzAuthorizationServer > ELMAndOAuth20WithOIDCProvider
History: r1 - 2020-12-02 - 13:13:51 - ShubjitNaik
This site is powered by the TWiki collaboration platformCopyright © by IBM and non-IBM contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our Terms of Use. Please read the following disclaimer.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.