keycloak-scim/topics/resource-server/enable-authorization.adoc

== Enabling Authorization Services

To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the *Authorization Enabled* switch to *ON* and click *Save*.

.Enabling Authorization Services
image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]

A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:

.Resource Server Settings
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]

The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:

* *Settings*
+
General settings for your resource server. More details about this page in this section.

* *Resource*
+
From this page, you can manage your application's link:../resource/overview.html[resources].

* *Scope*
+
From this page, you can manage link:../resource/overview.html[scopes].

* *Policies*
+
From this page, you can manage link:../policy/overview.html[authorization policies] and define the conditions that must be met to grant a permission.

* *Permissions*
+
From this page, you can manage the link:../permission/overview.html[permissions] for your protected resources and scopes by linking them with the policies you created.

* *Evaluate*
+
From this page, you can link:../policy-evaluation-tool/overview.html[simulate authorization requests] and view the result of the evaluation of the permissions and authorization policies you have defined.

=== Resource Server Settings

On the Resource Server Settings page, you can configure the policy enforcement mode, allow remote resource management, and export the authorization configuration settings.

* *Policy Enforcement Mode*
+
Specifies how policies are enforced when processing authorization requests sent to the server.
+
** *Enforcing*
+
(default mode) Requests are denied by default even when there is no policy associated with a given resource.
+
** *Permissive*
+
Requests are allowed even when there is no policy associated with a given resource.
+
** *Disabled*
+
Disables the evaluation of all policies and allows access to all resources.
+
* *Allow Remote Resource Management*
+
Specifies whether resources can be managed remotely by the resource server. If false, resources can be managed only from the administration console.

+
* *Export Settings*
+
You can export the authorization configuration settings to a JSON file. Click *Export* to display the complete JSON configuration for download. The configuration file contains everything defined for a resource server: protected resources, scopes, permissions, and policies.
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`== Enabling Authorization Services`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the Authorization Enabled switch to ON and click Save.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`.Enabling Authorization Services`
			`image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`A new Authorization tab is displayed for this client. Click the Authorization tab and a page similar to the following is displayed:`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`.Resource Server Settings`
			`image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`* Settings`
			`+`
			`General settings for your resource server. More details about this page in this section.`

			`* Resource`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`From this page, you can manage your application's link:../resource/overview.html[resources].`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`* Scope`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`From this page, you can manage link:../resource/overview.html[scopes].`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`* Policies`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`From this page, you can manage link:../policy/overview.html[authorization policies] and define the conditions that must be met to grant a permission.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`* Permissions`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`From this page, you can manage the link:../permission/overview.html[permissions] for your protected resources and scopes by linking them with the policies you created.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`* Evaluate`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`From this page, you can link:../policy-evaluation-tool/overview.html[simulate authorization requests] and view the result of the evaluation of the permissions and authorization policies you have defined.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`=== Resource Server Settings`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`On the Resource Server Settings page, you can configure the policy enforcement mode, allow remote resource management, and export the authorization configuration settings.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`* Policy Enforcement Mode`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Specifies how policies are enforced when processing authorization requests sent to the server.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`+`
			`** Enforcing`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`(default mode) Requests are denied by default even when there is no policy associated with a given resource.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`+`
			`** Permissive`
			`+`
			`Requests are allowed even when there is no policy associated with a given resource.`
[KEYCLOAK-3546] - A lot of fixes and improvements to docs from srehorn. 2016-09-09 03:53:39 +00:00			`+`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`** Disabled`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Disables the evaluation of all policies and allows access to all resources.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00			`+`
			`* Allow Remote Resource Management`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Specifies whether resources can be managed remotely by the resource server. If false, resources can be managed only from the administration console.`
Updating docs with latest changes. 2016-06-16 17:08:04 +00:00
			`+`
			`* Export Settings`
			`+`
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`You can export the authorization configuration settings to a JSON file. Click Export to display the complete JSON configuration for download. The configuration file contains everything defined for a resource server: protected resources, scopes, permissions, and policies.`