Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Comment:
Published by Scroll Versions from space WAPIMGMNT232 and version 24.0
The KEYCLOAKOAUTH policy is used to secure an API via any other identity provider. Since every Scheer PAS installation contains a Keycloak instance, and Keycloak supports a lot of different providers, this Keycloak-specific OAuth2 policy should be your first choice to secure an API in the PAS environment.
Adding the Keycloak OAuth Policy
Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
In a PAS setup, you can use the policy defaults:
- The Realm name is set automatically.
- Leave Keycloak Realm Certificate empty. The policy will try to fetch the public keys directly from your Keycloak realm.
- In addition, we recommend to enable option Forward Roles (Forward Realm Roles). This simplifies the subsequent use of additional authorization with the AUTHORIZATION policy (refer to Additional Authorization for details).
Tip |
---|
Refer to KEYCLOAKOAUTH for a detailed overview on all settings of this policy. |
Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
Panel | ||
---|---|---|
| ||
|
Panel | ||
---|---|---|
|
Otp | ||
---|---|---|
|
Overview
Content Tools