Create an API protection definition to configure the OAuth grant types and token settings that govern how clients obtain tokens and access protected resources. These settings determine how long tokens remain valid, how they are generated, and when a resource owner must reauthorize a client, so they directly control the window an attacker has with a stolen token.
Procedure
- Log in to the local management interface.
- Click .
- Under Policy, click API
Protection.
- Click Definitions.
- Click .
- In the Name field, type a unique
name for the definition.
Note: The name must begin with
an alphabetic character. Do not use control characters, leading or
trailing blanks, or any of the following special characters anywhere in
the name: ~ ! @ # $ % ^ & * ( ) + | ` = \ ; : " ' < > ? , [ ] { } /
- In the Description field, provide
a brief description about the definition.
- Click Grant Types.
- You must select at least one grant type. Authorization
code is enabled by default. Enable only the grant types that your clients actually use; every additional grant type is an additional way to obtain a token for this definition.
- Click Token Management.
- Provide the following information:
- Access token lifetime (seconds)
- Specifies the number of seconds an access token is valid. When
the access token becomes invalid, the client cannot use it to access
the protected resource.
- Default value: 3600 seconds.
- Minimum value: 1 second.
- Access token length
- Specifies the number of characters in an access token.
- Default value: 20 characters.
- Minimum value: one character.
- Maximum value: 500 characters.
- Enforce single-use authorization grant
- If enabled, all tokens issued under the authorization grant are revoked
as soon as an access token is validated, so each grant can be used for exactly one resource request. With this option enabled, resource requests that involve
redirects fail, because the access token is validated more than once.
- Default value: disabled
- Authorization code lifetime (seconds)
- Specifies the number of seconds that an authorization code is
valid.
- This option applies only to an authorization code grant type.
The authorization server generates an authorization code and sends
it to the client. The client uses the authorization code in exchange
for an access token.
- Default value: 300 seconds.
- Minimum value: 1 second.
- Authorization code length
- Specifies the number of characters in an authorization code.
- Default value: 30 characters.
- Minimum value: one character.
- Maximum value: 500 characters.
- Issue refresh token
- Specifies whether a refresh token is sent to the client. The client
presents the refresh token to obtain a new pair of access and refresh tokens
without involving the resource owner again. This option
is only applicable to the Authorization code and Resource owner password
credentials grant types.
- Maximum authorization grant lifetime (seconds)
- Specifies the maximum number of seconds that the resource owner
authorizes the client to access the protected resource.
- This option is available only if you enable the Issue
refresh token option.
- The value for this lifetime must be greater than the values specified
for the authorization code and access token lifetimes.
- When this lifetime expires, the resource owner must reauthorize
the client to obtain an authorization grant to access the protected
resource.
- Default value: 604800 seconds.
- Minimum value: 1 second.
- Refresh token length
- Specifies the number of characters in a refresh token. This option
is available only if you enable the Issue refresh token option.
- Default value: 40 characters.
- Minimum value: 1 character.
- Maximum value: 500 characters.
- Enforce single access token per authorization grant
- If enabled, all previously granted access tokens are revoked when
a new access token is generated by presenting the refresh token to the
authorization server. Leaving this disabled lets an older access token,
including a stolen one, remain valid after a refresh.
- This option is available only if you enable the Issue
refresh token option.
- Default value: enabled
- Enable PIN policy
- Provides more protection during the exchange of a refresh token
for a new pair of access and refresh tokens.
- This option is available only if you enable the Issue
refresh token option. If enabled, you must configure the
PIN length.
- PIN Length
- Specifies the number of characters in a PIN. This option is available
only if you enable the Enable PIN policy option.
You can use the runtime.hashAlgorithm runtime
parameter to configure the algorithm that is used to hash the PIN
before it is stored. For more information, see Advanced configuration properties.
- Default value: 4 characters.
- Minimum value: 3 characters.
- Maximum value: 12 characters.
- Token character set
- By default, a set of alphanumeric characters is displayed. You
can specify the set of characters used to generate tokens in any of the following
ways:
- Manually enter characters
- Select a pre-defined character set from the drop-down list
- Select a set from the drop-down list, then edit the characters in the field
The configured token character set applies to all token
types. If this field is left blank, all available alphanumeric
characters are used to generate the token. A smaller character set yields
fewer bits of entropy per token character, so if you restrict the set, increase
the token lengths to compensate.
- Maximum number of characters allowed: 200
- Click Trusted Clients and Consent and
select when you want the user to be prompted to consent to an authorization
grant.
- Click Save.
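The procedure above leaves it to the administrator to keep the lifetimes and lengths consistent and to judge whether the resulting tokens are strong enough. The following script, an added example that is not part of this page or of the product, lints a definition against the constraints stated above: the name rule, the per-field ranges, the requirement that the maximum grant lifetime exceed the access token and authorization code lifetimes, and the PIN length bounds. It also computes the entropy of each token type from its length and character set. The dictionary keys are names chosen for this script, not the product's UI or REST field names; the assumption that the default alphanumeric set is the 62 ASCII letters and digits, and the 128-bit review threshold (taken from the RFC 6819 guidance on token entropy), are both labelled in the code.

```python
"""Lint an API protection definition against the constraints documented above.

Added example; not the product's own code. Field names are assumptions chosen
for this script, not the product's UI or REST API names.
"""
import math
import string

# Characters the page forbids anywhere in a definition name.
FORBIDDEN_NAME_CHARS = set('~!@#$%^&*()+|`=\\;:"\'<>?,[]{}/')

# Assumption: "all available alphanumeric characters" means ASCII letters and digits.
DEFAULT_CHARSET = string.ascii_letters + string.digits

# Assumed review threshold (not from the page): RFC 6819 recommends at least
# 128 bits of entropy for token secrets.
MIN_TOKEN_BITS = 128

# Constructed sample. Numeric values are the page's defaults; enabling the refresh
# token is this sample's choice, since the page states no default for it.
SAMPLE_DEFINITION = {
    "name": "api-definition",
    "access_token_lifetime": 3600,
    "access_token_length": 20,
    "enforce_single_use_grant": False,
    "authorization_code_lifetime": 300,
    "authorization_code_length": 30,
    "issue_refresh_token": True,
    "max_grant_lifetime": 604800,
    "refresh_token_length": 40,
    "enforce_single_access_token": True,
    "pin_policy": False,
    "pin_length": 4,
    "token_charset": "",  # blank means the default alphanumeric set
}


def name_errors(name):
    """Reasons the definition name violates the documented naming rule."""
    errs = []
    if not name or not name[0].isalpha():
        errs.append("name must begin with an alphabetic character")
    if name != name.strip(" "):
        errs.append("name must not have leading or trailing blanks")
    if any(ord(c) < 32 or ord(c) == 127 for c in name):
        errs.append("name must not contain control characters")
    bad = sorted(FORBIDDEN_NAME_CHARS.intersection(name))
    if bad:
        errs.append("name contains forbidden characters: " + "".join(bad))
    return errs


def _check_range(errs, d, key, lo, hi=None):
    v = d[key]
    if v < lo or (hi is not None and v > hi):
        bound = f"{lo}..{hi}" if hi is not None else f">= {lo}"
        errs.append(f"{key}={v} outside allowed range {bound}")


def definition_errors(d):
    """Hard errors: settings the page documents as invalid."""
    errs = name_errors(d["name"])
    _check_range(errs, d, "access_token_lifetime", 1)
    _check_range(errs, d, "access_token_length", 1, 500)
    _check_range(errs, d, "authorization_code_lifetime", 1)
    _check_range(errs, d, "authorization_code_length", 1, 500)
    if len(d["token_charset"]) > 200:
        errs.append("token_charset exceeds 200 characters")
    if d["issue_refresh_token"]:  # the remaining fields only exist with refresh tokens
        _check_range(errs, d, "max_grant_lifetime", 1)
        _check_range(errs, d, "refresh_token_length", 1, 500)
        longest = max(d["access_token_lifetime"], d["authorization_code_lifetime"])
        if d["max_grant_lifetime"] <= longest:
            errs.append("max_grant_lifetime must exceed the access token "
                        "and authorization code lifetimes")
        if d["pin_policy"]:
            _check_range(errs, d, "pin_length", 3, 12)
    return errs


def token_bits(length, charset=""):
    """Entropy in bits of a token of `length` symbols drawn uniformly from `charset`."""
    symbols = len(set(charset or DEFAULT_CHARSET))
    if symbols < 2 or length < 1:
        return 0.0
    return length * math.log2(symbols)


def definition_warnings(d):
    """Soft findings: valid settings that nonetheless weaken the tokens."""
    warns = []
    checks = [("access token", d["access_token_length"]),
              ("authorization code", d["authorization_code_length"])]
    if d["issue_refresh_token"]:
        checks.append(("refresh token", d["refresh_token_length"]))
    for label, length in checks:
        bits = token_bits(length, d["token_charset"])
        if bits < MIN_TOKEN_BITS:
            warns.append(f"{label}: {bits:.1f} bits of entropy (< {MIN_TOKEN_BITS})")
    if d["issue_refresh_token"] and not d["enforce_single_access_token"]:
        warns.append("earlier access tokens stay valid after a refresh")
    return warns


if __name__ == "__main__":
    for line in definition_errors(SAMPLE_DEFINITION) + definition_warnings(SAMPLE_DEFINITION):
        print(line)
```

Run against the page's defaults, the script reports no errors but one warning: a 20-character alphanumeric access token carries about 119 bits of entropy, just under the assumed 128-bit threshold, so raising the access token length to 22 or more is a cheap improvement. Shrinking the token character set to the ten digits drops the same token to about 66 bits, which is why the character set and the lengths should be reviewed together.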