The Keycloak OAuth policy secures an API through Keycloak, which in turn lets you use any other identity provider. Since every Scheer PAS installation contains a Keycloak instance, and Keycloak supports many different providers, this Keycloak-specific OAuth2 policy should be your first choice for securing an API in the PAS environment.

Adding the Keycloak OAuth Policy

A wizard supports you during policy configuration. Refer to Attaching Policies for a step-by-step guide.

In a PAS setup, you can use the policy defaults:

  • The Realm name is set automatically.
  • Leave Keycloak Realm Certificate empty. The policy will try to fetch the public keys directly from your Keycloak realm.
  • In addition, we recommend enabling the option Forward Roles (Forward Realm Roles). This simplifies the subsequent use of additional authorization with the Authorization policy (refer to Additional Authorization for details).

Refer to Keycloak OAuth for a detailed overview of all settings of this policy.
