68 lines
2.7 KiB
Text
68 lines
2.7 KiB
Text
|
== Enabling Authorization Services
|
|||
|
|
|||
|
To turn your client application into a resource server and enable fine-grained authorization, click on the `Authorization Services Enable` switch and turn it `ON`.
|
|||
|
|
|||
|
.Enabling Authorization Services
|
|||
|
image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
|
|||
|
|
|||
|
Finally, click `Save`. When you do that,
|
|||
|
a new `Authorization` tab will show up. Click on this tab and you should see a page like that.
|
|||
|
|
|||
|
.Resource Server Settings
|
|||
|
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
|
|||
|
|
|||
|
The `Authorization` tab provides a few additional tabs covering the different steps that you should follow to actually protect your application's resources. Each tab is covered separately by
|
|||
|
a specific topic in this documentation. But here is a quick description about each one:
|
|||
|
|
|||
|
* *Settings*
|
|||
|
+
|
|||
|
General settings for your resource server. More details about this page in this section.
|
|||
|
|
|||
|
* *Resource*
|
|||
|
+
|
|||
|
From this tab, you can manage your application's link:../resource/overview.html[Resources].
|
|||
|
|
|||
|
* *Scope*
|
|||
|
+
|
|||
|
From this tab, you can manage link:../resource/overview.html[Scopes].
|
|||
|
|
|||
|
* *Policies*
|
|||
|
+
|
|||
|
From this tab, you can manage link:../policy/overview.html[Authorization Policies] and define the conditions that must be met in order to grant a permission.
|
|||
|
|
|||
|
* *Permissions*
|
|||
|
+
|
|||
|
From this tab, you can manage the link:../permission/overview.html[Permissions] for your protected resources and scopes by linking them with the policies you created.
|
|||
|
|
|||
|
* *Evaluate*
|
|||
|
+
|
|||
|
From this tab, you can link:../policy-evaluation-tool/overview.html[Simulate Authorization Requests] and check the result of the evaluation of the permissions and authorization policies you have defined.
|
|||
|
|
|||
|
=== Resource Server Settings
|
|||
|
|
|||
|
Let’s walk through each configuration item on this page.
|
|||
|
|
|||
|
* *Policy Enforcement Mode*
|
|||
|
+
|
|||
|
Dictates how policies are enforced when processing authorization requests sent to the server.
|
|||
|
+
|
|||
|
** *Enforcing*
|
|||
|
+
|
|||
|
This is the default mode. Requests are denied by default even when there is no policy associated with a given resource.
|
|||
|
+
|
|||
|
** *Permissive*
|
|||
|
+
|
|||
|
Requests are allowed even when there is no policy associated with a given resource.
|
|||
|
** *Disabled*
|
|||
|
+
|
|||
|
Completely disables the evaluation of policies and allow access to any resource.
|
|||
|
+
|
|||
|
* *Allow Remote Resource Management*
|
|||
|
+
|
|||
|
Should resources be managed remotely by the resource server? If false, resources can only be managed from this admin console.
|
|||
|
|
|||
|
+
|
|||
|
* *Export Settings*
|
|||
|
+
|
|||
|
In this section you can export all settings to a JSON file. It provides a single `Export` button that you can click to
|
|||
|
download a JSON file containing every single configuration defined for a resource server: protected resources, scopes, permissions and policies.
|