2016-11-29 15:30:53 +00:00
[[_resource_server_enable_authorization]]
2017-10-09 06:38:46 +00:00
= Enabling Authorization Services
2016-06-16 17:08:04 +00:00
2016-11-15 21:34:20 +00:00
To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the *Authorization Enabled* switch to *ON* and click *Save*.
2016-06-16 17:08:04 +00:00
.Enabling Authorization Services
2017-08-28 12:50:14 +00:00
image:{project_images}/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
2016-06-16 17:08:04 +00:00
2016-11-15 21:34:20 +00:00
A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:
2016-06-16 17:08:04 +00:00
.Resource Server Settings
2017-08-28 12:50:14 +00:00
image:{project_images}/resource-server/authz-settings.png[alt="Resource Server Settings"]
2016-06-16 17:08:04 +00:00
2016-11-15 21:34:20 +00:00
The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:
2016-06-16 17:08:04 +00:00
* *Settings*
+
2017-03-27 20:11:01 +00:00
General settings for your resource server. For more details about this page see the xref:resource_server_settings[Resource Server Settings] section.
2016-06-16 17:08:04 +00:00
* *Resource*
+
2017-08-28 12:50:14 +00:00
From this page, you can manage your application's <<_resource_overview, resources>>.
2016-06-16 17:08:04 +00:00
2017-12-21 14:01:55 +00:00
* *Authorization Scopes*
2016-06-16 17:08:04 +00:00
+
2017-08-28 12:50:14 +00:00
From this page, you can manage <<_resource_overview, scopes>>.
2016-06-16 17:08:04 +00:00
* *Policies*
+
2017-08-28 12:50:14 +00:00
From this page, you can manage <<_policy_overview, authorization policies>> and define the conditions that must be met to grant a permission.
2016-06-16 17:08:04 +00:00
* *Permissions*
+
2017-08-28 12:50:14 +00:00
From this page, you can manage the <<_permission_overview, permissions>> for your protected resources and scopes by linking them with the policies you created.
2016-06-16 17:08:04 +00:00
* *Evaluate*
+
2017-08-28 12:50:14 +00:00
From this page, you can <<_policy_evaluation_overview, simulate authorization requests>> and view the result of the evaluation of the permissions and authorization policies you have defined.
2016-06-16 17:08:04 +00:00
2017-12-21 14:01:55 +00:00
* *Export Settings*
+
From this page, you can <<_resource_server_import_config, export>> the authorization settings to a JSON file.
2017-03-27 20:11:01 +00:00
[[resource_server_settings]]
2017-10-09 06:38:46 +00:00
== Resource Server Settings
2016-06-16 17:08:04 +00:00
2016-11-15 21:34:20 +00:00
On the Resource Server Settings page, you can configure the policy enforcement mode, allow remote resource management, and export the authorization configuration settings.
2016-06-16 17:08:04 +00:00
* *Policy Enforcement Mode*
+
2016-11-15 21:34:20 +00:00
Specifies how policies are enforced when processing authorization requests sent to the server.
2016-06-16 17:08:04 +00:00
+
** *Enforcing*
+
2016-11-15 21:34:20 +00:00
(default mode) Requests are denied by default even when there is no policy associated with a given resource.
2016-06-16 17:08:04 +00:00
+
** *Permissive*
+
Requests are allowed even when there is no policy associated with a given resource.
2016-09-09 03:53:39 +00:00
+
2016-06-16 17:08:04 +00:00
** *Disabled*
+
2016-11-15 21:34:20 +00:00
Disables the evaluation of all policies and allows access to all resources.
2016-06-16 17:08:04 +00:00
+
2017-12-21 14:01:55 +00:00
* *Remote Resource Management*
2016-06-16 17:08:04 +00:00
+
2017-12-21 14:01:55 +00:00
Specifies whether resources can be managed remotely by the resource server. If false, resources can be managed only from the administration console.
