Engineering Lifecycle Management Wiki - Deployment
Deployment Web
Planning and design
Installing and upgrading
Migrating and evolving
Integrating
Administering
Monitoring
Troubleshooting
Community information and contribution guidelines
Create new topic
Topic list
Search
Advanced search
Notify
RSS
Atom
Changes
Statistics
Web preferences
Edit
Attach
P
rintable
TWiki
>
Deployment Web
>
DeploymentInstallingUpgradingAndMigrating
>
JazzAuthorizationServer
>
ELMAndOAuth20WithOIDCProvider
Revision 1 - 2020-12-02 - 13:13:51 -
ShubjitNaik
<div id="header-title" style="padding: 10px 15px; border-width:1px; border-style:solid; border-color:#FFD28C; background-image: url(<nop>https://jazz.net/wiki/pub/Deployment/WebPreferences/TLASE.jpg); background-size: cover; font-size:120%"> ---+!! ELM Configured with Third Party OIDC Provider - Authorization via OAuth 2.0 Workflow <img src="https://jazz.net/wiki/pub/Deployment/WebPreferences/todo.png" alt="todo.png" width="50" height="50" align="right"> %DKGRAY% Authors: Main.ShubjitNaik <br> Build basis: Engineering Lifecycle Management Solution 7.0.2 and Higher %ENDCOLOR%</div></sticky> <!-- Page contents top of page on right hand side in box --> <sticky><div style="float:right; border-width:1px; border-style:solid; border-color:#DFDFDF; background-color:#F6F6F6; margin:0 0 15px 15px; padding: 0 15px 0 15px;"> %TOC{title="Page contents"}% </div></sticky> <sticky><div style="margin:15px;"></sticky> Starting CLM version 6.0 [[https://jazz.net/wiki/bin/view/Deployment/AboutJazzAuthorizationServer/][Jazz Authorization Server]] was introduced and when applications are configured with Jazz Security Architecture SSO enabled, they can use [[https://openid.net/connect/][OpenID Connect]]to authenticate with each other. !OpenID Connect is a simple identity protocol and open standard that is built on top of the !OAuth 2.0 protocol. Review the Jazz Security Architecture on the article https://jazz.net/library/article/75 When deployed with Jazz Authorization Server (IBM Liberty !OIDC feature) ELM supports !OAuth 2.0. Refer the article [[ELMAndOAuth20][ELM and OAuth 2.0]] to understand how to use !OAuth2.0 protocol flow with ELM deployed with Jazz Authorization Server. You can configure the Jazz Authorization Server to further delegate the user authentication to your standard, corporate !OIDC provider using the Liberty *Social Login* feature. Refer this article - [[JASandOIDCProvider][Configuring ELM Authentication with a third Party OIDC provider]] When the Authentication is handled by a Third Party OIDC provider, how do we use !OAuth2.0 protocol flow to access ELM Protected resources? This is the focus of the article. ---++ !OAuth 2.0 - A Quick Intro !OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. [[https://tools.ietf.org/html/rfc6749#section-1.4][Access tokens ]]are credentials used to access protected resources. An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server. An [[https://tools.ietf.org/html/rfc6749#section-1.3][authorization grant ]]is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types * [[https://tools.ietf.org/html/rfc6749#section-4.1][Authorization code]] * [[https://tools.ietf.org/html/rfc6749#section-4.2,][Implicit]] * [[https://tools.ietf.org/html/rfc6749#section-4.3][Password]] * [[https://tools.ietf.org/html/rfc6749#section-4.4][Client credentials]] For further details on the workflow on !OAuth2.0 and different grant types review the !OAuth 2.0 Framework at [[https://oauth.net/][OAuth 2.0 ]] In the next section we introduce how to register a new Client in Jazz Authorization Server which is configured with a Third Party OIDC Provider and Access ELM Protected resources via the Password grant type. ---++ Configuring Application Passwords in Jazz Authorization Server ---++ !OAuth 2.0 - A Quick Intro ---+++ Heading 2 (use sentence-style capitalization) Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text ---+++ Heading 2 (use sentence-style capitalization) Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text ---++ Heading 1 ---+++++!! Related topics: [[DeploymentWebHome][Deployment web home]], [[DeploymentWebHome][Deployment web home]] ---+++++!! External links: * [[https://www.ibm.com][IBM]] ---+++++!! Additional contributors: Main.TWikiUser, Main.TWikiUser <sticky></div></sticky>
Edit
|
Attach
|
P
rintable
|
V
iew topic
|
Backlinks:
We
b
,
A
l
l Webs
|
H
istory
:
r19
|
r4
<
r3
<
r2
<
r1
|
More topic actions...
Copyright © by IBM and non-IBM contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our
Terms of Use.
Please read the following
disclaimer
.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more
here
.