Support for OAuth authorization decisions
OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end user). It also provides a process for end users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.
WebSEAL supports the external authorization service (EAS) plug-in, which leverages OAuth 2.0 capabilities. This plug-in allows OAuth decisions to be made as part of the standard authorization on WebSEAL requests. This functionality uses the authorization server of the Advanced Access Control Module to reject or authorize OAuth tokens in the environment. For more information, see OAuth 2.0 support.
- High level overview of the OAuth EAS
- Configure WebSEAL to include OAuth decisions
- Error responses
- Troubleshoot
  The EAS provides trace information through the standard Security Verify Access tracing mechanism.