Page History
The KEYCLOAKOAUTH policy is used to secure an API via any other identity provider. Since every Scheer PAS installation contains a Keycloak instance, and Keycloak supports a lot of different providers, this Keycloak-specific OAuth2 policy should be your first choice to secure an API in the PAS environment.
Adding the Keycloak OAuth Policy
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
In a PAS setup, you can use the policy defaults:
- The Realm name is set automatically.
- Leave Keycloak Realm Certificate empty. The policy will try to fetch the public keys directly from your Keycloak realm.
- In addition, we recommend to enable option Forward Roles (Forward Realm Roles). This simplifies the subsequent use of additional authorization with the AUTHORIZATION policy (refer to Additional Authorization for details).
| Tip |
|---|
Refer to KEYCLOAKOAUTH for a detailed overview on all settings of this policy. |
Working with Keycloak Tokens
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
How to Get the Secret
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
How to Retrieve the Keycloak Token
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
How to Use the Token for a Request
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
| Panel | ||
|---|---|---|
| ||
|
| Panel | ||
|---|---|---|
| ||
Overview
Content Tools