Example combining CBA, Authentication Service Framework, and OAuth

The onboard RBA demonstration application is used to illustrate how to configure the Security Verify Access features that are discussed in previous topics for REST API client access.

The high-level tasks to enable this configuration are shown in the following list:

• Enable the onboard live demonstration application.
• Create a reverse proxy instance.
• Configure all integration options between the reverse proxy and Advanced Access Control by using isam aac config command.
• Create a /demo junction to the localhost runtime to enable access to the "/demo/mobile-demo/rba" resource URL.
• Create the /mgaapi junction.
• Customize reverse proxy instance configuration for REST API clients.
• Set "/mgaapi/sps/apiauthsvc" as an additional EAI authentication trigger.
• Attach ACLs to junctioned resource URLs.
• Create API Protection OAuth definitions and clients.
• Attach API Protection definition to /demo resource.
• Create a custom context-based access policy with an TOTP authentication obligation.
• Attach the context-based access policy to the "/demo/mobile-demo/rba" resource URL.
• Create a test user.
• Initialize TOTP shared secret for the test user.
• Use CURL to obtain an OAuth access token.
• Use CURL to access "/demo/mobile-demo/rba" with the access token.

• Enable the onboard live demonstration applications
  Use the demonstration application provided by the appliance to complete the settings in this example.
• Create a reverse proxy instance
  The reverse proxy is used as the point of contact for the demonstration application and Advanced Access Control.
• Configure all integration options between the reverse proxy and Advanced Access Control
  Use the isam aac config command of the Security Verify Access configuration utility to configure these settings.
• Create a /demo junction
  Create a junction to enable access to the onboard demonstration application.
• Create a /mgaapi junction
  Create a junction to enable access to the Advanced Access Control authentication services framework for REST client access.
• Customize reverse proxy instance configuration
  Customize reverse proxy instance configuration for REST API clients.
• Set extra EAI authentication trigger
  Set /mgaapi/sps/apiauthsvc as an extra EAI authentication trigger.
• Attach ACLs to junctioned resource URLs
  
• Create API Protection OAuth definitions and clients
  Create API Protection OAuth definitions and clients. Then, attach them to the /demo junction.
• Create a custom context-based access policy
  Create a custom context-based access policy with a TOTP authentication obligation.
• Attach the context-based access policy
  Attach the context-based access policy to the /demo/mobile-demo/rba resource URL.
• Create a test user
  
• Initialize TOTP shared secret for the test user
  Access the following URL as testuser1.
• Use CURL to obtain an OAuth access token
  Use CURL to run the following OAuth ROPC command in a shell terminal to obtain an access token.
• Use CURL to access /demo/mobile-demo/rba with the access token
  Use CURL to run the following command in a shell terminal.

Parent topic: Authentication Service Framework for REST API clients