ELM Configured with Third Party OIDC Provider - Authorization via OAuth 2.0 Workflow
Authors: ShubjitNaik Build basis: Engineering Lifecycle Management Solution 7.0.2 and Higher
Starting CLM version 6.0 Jazz Authorization Server was introduced and when applications are configured with Jazz Security Architecture SSO enabled, they can use OpenID Connectto authenticate with each other. OpenID Connect is a simple identity protocol and open standard that is built on top of the OAuth 2.0 protocol. Review the Jazz Security Architecture on the article https://jazz.net/library/article/75
When deployed with Jazz Authorization Server (IBM Liberty OIDC feature) ELM supports OAuth 2.0. Refer the article ELM and OAuth 2.0 to understand how to use OAuth2.0 protocol flow with ELM deployed with Jazz Authorization Server.
You can configure the Jazz Authorization Server to further delegate the user authentication to your standard, corporate OIDC provider using the Liberty Social Login feature. Refer this article - Configuring ELM Authentication with a third Party OIDC provider
When the Authentication is handled by a Third Party OIDC provider, how do we use OAuth2.0 protocol flow to access ELM Protected resources? This is the focus of the article.
OAuth 2.0 - A Quick Intro
OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. Access tokens are credentials used to access protected resources. An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server. An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types For further details on the workflow on OAuth2.0 and different grant types review the OAuth 2.0 Framework at OAuth 2.0 In the next section we introduce how to register a new Client in Jazz Authorization Server which is configured with a Third Party OIDC Provider and Access ELM Protected resources via the Password grant type.Configuring Application Passwords in Jazz Authorization Server
OAuth 2.0 - A Quick Intro
Heading 2 (use sentence-style capitalization)
Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section textHeading 2 (use sentence-style capitalization)
Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section text Sub-Section textHeading 1
Related topics: Deployment web home, Deployment web home
External links:
Additional contributors: TWikiUser, TWikiUser
Contributions are governed by our Terms of Use. Please read the following disclaimer.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.