libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions
keycloak-scim/topics/resource-server/enable-authorization.adoc

68 lines
2.8 KiB
Text
Raw Normal View History

Updating docs with latest changes.
2016-06-16 17:08:04 +00:00
== Enabling Authorization Services
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn.
2016-09-09 03:53:39 +00:00
To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click on the `Authorization Enabled` switch and turn it `ON`.
Updating docs with latest changes.
2016-06-16 17:08:04 +00:00
.Enabling Authorization Services
image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn.
2016-09-09 03:53:39 +00:00
Finally, click `Save`. When the save is complete,
a new `Authorization` tab will show up in the tab set for this client. Click on this tab and you should see a page similar to the following:
Updating docs with latest changes.
2016-06-16 17:08:04 +00:00
.Resource Server Settings
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
The `Authorization` tab provides a few additional tabs covering the different steps that you should follow to actually protect your application's resources. Each tab is covered separately by
a specific topic in this documentation. But here is a quick description about each one:
* *Settings*
+
General settings for your resource server. More details about this page in this section.
* *Resource*
+
From this tab, you can manage your application's link:../resource/overview.html[Resources].
* *Scope*
+
From this tab, you can manage link:../resource/overview.html[Scopes].
* *Policies*
+
From this tab, you can manage link:../policy/overview.html[Authorization Policies] and define the conditions that must be met in order to grant a permission.
* *Permissions*
+
From this tab, you can manage the link:../permission/overview.html[Permissions] for your protected resources and scopes by linking them with the policies you created.
* *Evaluate*
+
From this tab, you can link:../policy-evaluation-tool/overview.html[Simulate Authorization Requests] and check the result of the evaluation of the permissions and authorization policies you have defined.
=== Resource Server Settings
Lets walk through each configuration item on this page.
* *Policy Enforcement Mode*
+
Dictates how policies are enforced when processing authorization requests sent to the server.
+
** *Enforcing*
+
This is the default mode. Requests are denied by default even when there is no policy associated with a given resource.
+
** *Permissive*
+
Requests are allowed even when there is no policy associated with a given resource.
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn.
2016-09-09 03:53:39 +00:00
+
Updating docs with latest changes.
2016-06-16 17:08:04 +00:00
** *Disabled*
+
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn.
2016-09-09 03:53:39 +00:00
Completely disables the evaluation of policies and allows access to any resource.
Updating docs with latest changes.
2016-06-16 17:08:04 +00:00
+
* *Allow Remote Resource Management*
+
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn.
2016-09-09 03:53:39 +00:00
Should resources be managed remotely by the resource server? If false, resources can be managed only from this admin console.
Updating docs with latest changes.
2016-06-16 17:08:04 +00:00
+
* *Export Settings*
+
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn.
2016-09-09 03:53:39 +00:00
In this section you can export the authorization configuration settings to a JSON file. Click the `Export` button to display the complete JSON configuration for you to download. The configuration contains everything defined for a resource server: protected resources, scopes, permissions and policies.
Reference in a new issue Copy permalink