IBM Tivoli Federated Identity Manager, Version 6.2.2.7

OAuth reference

This topic contains references about the enforcement points and their custom properties, external authorization service (EAS) stanzas, and HTML template pages for both. This topic applies to both OAuth 1.0 and OAuth 2.0.

OAuth STS Interface for Authorization Enforcement Points
Use the WS-Trust interface to directly contact an OAuth Security Token Service (STS) trust chain in Tivoli Federated Identity Manager to validate a request for an OAuth protected resource. An OAuth enforcement point intercepts requests for OAuth protected resources. The OAuth enforcement point also validates the request with Tivoli Federated Identity Manager, and passes the request through, if it is valid. If the request is not valid, the enforcement point denies access to the protected resource.
OAuth Trust Association Interceptor and Servlet Filter custom properties
You must customize the property of the WebSphere® Trust Association Interceptor (TAI) or the Servlet Filter (SF) component as an enforcement point to your OAuth federation.
OAuth EAS stanza reference
This topic contains the stanza reference for the OAuth EAS configuration.
OAuth 1.0 and OAuth 2.0 template pages for trusted clients management
Tivoli Federated Identity Manager provides an HTML page template which resource owners can use to show and manage trusted clients information for OAuth 1.0 and OAuth 2.0 federations.
OAuth 1.0 template page for consent to authorize
The OAuth server uses this page to determine and store user consent information about which OAuth clients are authorized to access the protected resource. This page also indicates which scope is requested by the OAuth client.
OAuth 1.0 template page for response
Use this HTML page when the callback URI is set to oob in the request for temporary credentials or in the partner registration.
OAuth 1.0 template page for denied consent
Use the denied consent HTML page when the resource owner has not granted the OAuth client access to the protected resource.
OAuth 1.0 template page for errors
Tivoli Federated Identity Manager uses a generic error template page to show detailed text information when an error occurs in an OAuth 1.0 flow.
OAuth 2.0 template page for consent to authorize
The authorization server uses this page to determine and store user consent information about which OAuth clients are authorized to access the protected resource. This page also indicates scopes that the OAuth client requests.
OAuth 2.0 template page for response
Use this HTML page to show the authorization code of an OAuth client that did not specify a client redirection URI upon partner registration.
OAuth 2.0 template page for errors
Tivoli Federated Identity Manager uses a generic error template page to show detailed text information when an error occurs in an OAuth 2.0 flow.

Parent topic: Configuring

Feedback