Configure WebSEAL to include OAuth decisions
To make an OAuth authorization decision, the authorization server requires specific information regarding the request. The required data includes the following:
- Authorization data. This data is obtained from the authorization header, the query string, or the POST data.
- Resource information. This data is obtained from the HTTP request and is used to validate the OAuth signature.
WebSEAL uses the EAS plug-in to provide this required data and to use the OAuth functionality in the Advanced Access Control Module.
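The following added example is not WebSEAL or EAS code. It shows why both kinds of data are needed, assuming OAuth 1.0 HMAC-SHA1 signing as defined in RFC 5849. The function names, host, keys and secrets are hypothetical.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

def pct(s):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(s, safe="-._~")

def collect_authorization_data(auth_header, url, post_body):
    """Gather parameters from the Authorization header, query string and POST data."""
    params = []
    if auth_header.lower().startswith("oauth "):
        for name, value in re.findall(r'(\w+)="([^"]*)"', auth_header[6:]):
            if name != "realm":  # realm is never part of the signature
                params.append((name, unquote(value)))
    params += parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params += parse_qsl(post_body, keep_blank_values=True)
    return params

def signature_base_string(method, url, params):
    """Bind the resource information (method, URL) to the authorization data."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    default_port = {"http": 80, "https": 443}.get(scheme)
    host = u.hostname if u.port in (None, default_port) else f"{u.hostname}:{u.port}"
    base_uri = f"{scheme}://{host}{u.path or '/'}"
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(base, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with both encoded secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify(method, url, auth_header, post_body, consumer_secret, token_secret):
    """Recompute the signature and compare it in constant time."""
    params = collect_authorization_data(auth_header, url, post_body)
    presented = dict(params).get("oauth_signature", "")
    expected = sign(signature_base_string(method, url, params), consumer_secret, token_secret)
    return hmac.compare_digest(presented.encode(), expected.encode())

# Constructed sample request (hypothetical host, keys and secrets).
METHOD, URL, BODY = "post", "https://WebSEAL.example.com:443/photos?size=large", "a=b%20c"
HEADER = ('OAuth realm="Example", oauth_consumer_key="ck", oauth_nonce="n1", '
          'oauth_signature_method="HMAC-SHA1", oauth_timestamp="1", oauth_token="tk"')
BASE = signature_base_string(METHOD, URL, collect_authorization_data(HEADER, URL, BODY))
SIGNED = HEADER + ', oauth_signature="%s"' % quote(sign(BASE, "cs", "ts"), safe="")
```

If the method, host or path seen by the verifier differs from what the client signed, the recomputed signature no longer matches and verification fails.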
To include OAuth decisions as part of the standard authorization on WebSEAL requests, we need to perform the following tasks:
- Configure the required authorization decision data.
- Configure the extra EAS-specific data.
This configuration ensures the correct data is passed to the EAS for each request.
- Authorization decision data
To correctly construct the RST, the EAS requires various information from the request itself. WebSEAL must be configured to provide this information to the EAS.
- EAS-specific data
The EAS requires specific configuration data to function correctly. This data is mostly contained in the [oauth] and [oauth-eas] stanzas.