[RHSSO-471] - Adding RH-SSO images
BIN rhsso-images/getting-started/hello-world/access-denied-page.png (normal file, 29 KiB)
BIN rhsso-images/getting-started/hello-world/adapter-config.png (normal file, 88 KiB)
BIN rhsso-images/getting-started/hello-world/authz-settings.png (normal file, 85 KiB)
BIN rhsso-images/getting-started/hello-world/create-client.png (normal file, 65 KiB)
BIN rhsso-images/getting-started/hello-world/create-realm.png (normal file, 67 KiB)
BIN rhsso-images/getting-started/hello-world/create-scope.png (normal file, 67 KiB)
BIN rhsso-images/getting-started/hello-world/create-user.png (normal file, 67 KiB)
BIN rhsso-images/getting-started/hello-world/enable-authz.png (normal file, 125 KiB)
BIN rhsso-images/getting-started/hello-world/login-page.png (normal file, 47 KiB)
BIN rhsso-images/getting-started/hello-world/main-page.png (normal file, 32 KiB)
BIN rhsso-images/getting-started/hello-world/reset-user-pwd.png (normal file, 76 KiB)
BIN rhsso-images/getting-started/kc-start-page.png (normal file, 69 KiB)
BIN rhsso-images/permission/create-resource.png (normal file, 84 KiB)
BIN rhsso-images/permission/create-scope.png (normal file, 86 KiB)
BIN rhsso-images/permission/typed-resource-perm-example.png (normal file, 84 KiB)
BIN rhsso-images/permission/view.png (normal file, 103 KiB)
BIN rhsso-images/policy-evaluation-tool/policy-evaluation-tool.png (normal file, 111 KiB)
BIN rhsso-images/policy/create-aggregated.png (normal file, 80 KiB)
BIN rhsso-images/policy/create-drools.png (normal file, 85 KiB)
BIN rhsso-images/policy/create-js.png (normal file, 96 KiB)
BIN rhsso-images/policy/create-role.png (normal file, 87 KiB)
BIN rhsso-images/policy/create-time.png (normal file, 80 KiB)
BIN rhsso-images/policy/create-user.png (normal file, 74 KiB)
BIN rhsso-images/policy/view.png (normal file, 130 KiB)
BIN rhsso-images/resource-server/authz-export.png (normal file, 122 KiB)
BIN rhsso-images/resource-server/authz-settings.png (normal file, 85 KiB)
BIN rhsso-images/resource-server/client-create.png (normal file, 65 KiB)
BIN rhsso-images/resource-server/client-enable-authz.png (normal file, 123 KiB)
BIN rhsso-images/resource-server/client-list.png (normal file, 76 KiB)
BIN rhsso-images/resource-server/create.png (normal file, 75 KiB)
BIN rhsso-images/resource-server/default-permission.png (normal file, 84 KiB)
BIN rhsso-images/resource-server/default-policy.png (normal file, 86 KiB)
BIN rhsso-images/resource-server/default-resource.png (normal file, 86 KiB)
BIN rhsso-images/resource-server/manage.png (normal file, 83 KiB)
BIN rhsso-images/resource-server/view.png (normal file, 59 KiB)
BIN rhsso-images/resource/create.png (normal file, 66 KiB)
BIN rhsso-images/resource/view.png (normal file, 100 KiB)
BIN rhsso-images/service/rs-uma-authorization-role.png (normal file, 60 KiB)
BIN rhsso-images/service/rs-uma-protection-role.png (normal file, 93 KiB)
|
@ -9,7 +9,7 @@ Ensure you have a {{book.project.name}} instance running; the default configurat
|
||||||
Administration Console, a page similar to this one is displayed:
|
Administration Console, a page similar to this one is displayed:
|
||||||
|
|
||||||
.{{book.project.name}} Administration Console
|
.{{book.project.name}} Administration Console
|
||||||
image:../../images/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
|
image:../../{{book.images}}/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
|
||||||
|
|
||||||
The source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
|
The source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
|
||||||
are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.
|
are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.
|
|
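Review bot: `{{book.images}}` in the new `image:` path is not defined anywhere in the lines shown here, so a build whose book configuration lacks the variable would resolve the path with no directory segment and lose the Administration Console screenshot. Define the variable for both the community and the product build in this same change (the product value is presumably `rhsso-images`, matching the directory added by this commit), or reference the change that does.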
@ -12,7 +12,7 @@ To create a realm and a user complete the following steps:
|
||||||
. Create a realm with a name *hello-world-authz*. Once created, a page similar to the following is displayed:
|
. Create a realm with a name *hello-world-authz*. Once created, a page similar to the following is displayed:
|
||||||
+
|
+
|
||||||
.Realm hello-world-authz
|
.Realm hello-world-authz
|
||||||
image:../../../images/getting-started/hello-world/create-realm.png[alt="Realm hello-world-authz"]
|
image:../../../{{book.images}}/getting-started/hello-world/create-realm.png[alt="Realm hello-world-authz"]
|
||||||
|
|
||||||
. Create a user for your newly created realm. Click *Users*. The user list page opens.
|
. Create a user for your newly created realm. Click *Users*. The user list page opens.
|
||||||
|
|
||||||
|
@ -21,12 +21,12 @@ image:../../../images/getting-started/hello-world/create-realm.png[alt="Realm he
|
||||||
. Complete the fields as shown in the screenshot below to create a new user with the username of *alice* and then click *Save*.
|
. Complete the fields as shown in the screenshot below to create a new user with the username of *alice* and then click *Save*.
|
||||||
+
|
+
|
||||||
.Add User
|
.Add User
|
||||||
image:../../../images/getting-started/hello-world/create-user.png[alt="Add User"]
|
image:../../../{{book.images}}/getting-started/hello-world/create-user.png[alt="Add User"]
|
||||||
|
|
||||||
. Set a password for the *alice* user by clicking the *Credentials* tab.
|
. Set a password for the *alice* user by clicking the *Credentials* tab.
|
||||||
+
|
+
|
||||||
.Set User Password
|
.Set User Password
|
||||||
image:../../../images/getting-started/hello-world/reset-user-pwd.png[alt="Set User Password"]
|
image:../../../{{book.images}}/getting-started/hello-world/reset-user-pwd.png[alt="Set User Password"]
|
||||||
|
|
||||||
. Complete the *New Password* and *Password Confirmation* fields with a password and click the *Temporary* switch to *OFF*.
|
. Complete the *New Password* and *Password Confirmation* fields with a password and click the *Temporary* switch to *OFF*.
|
||||||
|
|
||||||
|
|
|
@ -8,12 +8,12 @@ To create a new client, complete the following steps:
|
||||||
. Click *Clients* to start creating a new client application and fill in the fields as shown in the screenshot below:
|
. Click *Clients* to start creating a new client application and fill in the fields as shown in the screenshot below:
|
||||||
+
|
+
|
||||||
.Create Client Application
|
.Create Client Application
|
||||||
image:../../../images/getting-started/hello-world/create-client.png[alt="Create Client Application"]
|
image:../../../{{book.images}}/getting-started/hello-world/create-client.png[alt="Create Client Application"]
|
||||||
|
|
||||||
. Click *Save*. The Client Details page is displayed.
|
. Click *Save*. The Client Details page is displayed.
|
||||||
+
|
+
|
||||||
.Client Details
|
.Client Details
|
||||||
image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
|
image:../../../{{book.images}}/getting-started/hello-world/enable-authz.png[alt="Client Details"]
|
||||||
|
|
||||||
. On the Client Details page, click the *Authorization Enabled* switch to *ON*, and then click *Save*.
|
. On the Client Details page, click the *Authorization Enabled* switch to *ON*, and then click *Save*.
|
||||||
A new *Authorization* tab is displayed for the client.
|
A new *Authorization* tab is displayed for the client.
|
||||||
|
@ -21,7 +21,7 @@ A new *Authorization* tab is displayed for the client.
|
||||||
. Click the *Authorization* tab and an Authorization Settings page similar to the following is displayed:
|
. Click the *Authorization* tab and an Authorization Settings page similar to the following is displayed:
|
||||||
+
|
+
|
||||||
.Authorization Settings
|
.Authorization Settings
|
||||||
image:../../../images/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
|
image:../../../{{book.images}}/getting-started/hello-world/authz-settings.png[alt="Authorization Settings"]
|
||||||
|
|
||||||
When you enable authorization services for a client application, {{book.project.name}} automatically creates several <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> for your client authorization configuration.
|
When you enable authorization services for a client application, {{book.project.name}} automatically creates several <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> for your client authorization configuration.
|
||||||
|
|
||||||
|
|
|
@ -12,12 +12,12 @@ To obtain the adapter configuration from the {{book.project.name}} Administratio
|
||||||
. Click *Clients*. In the client listing, click the *hello-world-authz-service* client application. The Client Details page opens.
|
. Click *Clients*. In the client listing, click the *hello-world-authz-service* client application. The Client Details page opens.
|
||||||
+
|
+
|
||||||
.Client Details
|
.Client Details
|
||||||
image:../../../images/getting-started/hello-world/enable-authz.png[alt="Client Details"]
|
image:../../../{{book.images}}/getting-started/hello-world/enable-authz.png[alt="Client Details"]
|
||||||
|
|
||||||
. Click the *Installation* tab. From the Format Option dropdown list, select *Keycloak OIDC JSON*. The adapter configuration is displayed in JSON format. Click *Download*.
|
. Click the *Installation* tab. From the Format Option dropdown list, select *Keycloak OIDC JSON*. The adapter configuration is displayed in JSON format. Click *Download*.
|
||||||
+
|
+
|
||||||
.Adapter Configuration
|
.Adapter Configuration
|
||||||
image:../../../images/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
|
image:../../../{{book.images}}/getting-started/hello-world/adapter-config.png[alt="Adapter Configuration"]
|
||||||
|
|
||||||
. Navigate to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF* directory and locate the *keycloak.json* file. Replace its contents with the adapter configuration you obtained from step 2 and save the file.
|
. Navigate to the *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz/hello-world-authz-service/src/main/webapp/WEB-INF* directory and locate the *keycloak.json* file. Replace its contents with the adapter configuration you obtained from step 2 and save the file.
|
||||||
|
|
||||||
|
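Review bot: the *Adapter Configuration* figure is a screenshot of the downloadable adapter JSON, and for a client with authorization enabled that JSON normally carries the client secret. Confirm that the new `rhsso-images/getting-started/hello-world/adapter-config.png` was captured from a throwaway instance, or has the secret blanked, before it goes into published documentation.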
@ -44,12 +44,12 @@ mvn clean package wildfly:deploy
|
||||||
If your application was successfully deployed you can access it at http://localhost:8080/hello-world-authz-service[http://localhost:8080/hello-world-authz-service]. The {{book.project.name}} Login page opens.
|
If your application was successfully deployed you can access it at http://localhost:8080/hello-world-authz-service[http://localhost:8080/hello-world-authz-service]. The {{book.project.name}} Login page opens.
|
||||||
|
|
||||||
.Login Page
|
.Login Page
|
||||||
image:../../../images/getting-started/hello-world/login-page.png[alt="Login Page"]
|
image:../../../{{book.images}}/getting-started/hello-world/login-page.png[alt="Login Page"]
|
||||||
|
|
||||||
Log in as *alice* using the password you specified for that user. After authenticating, the following page is displayed:
|
Log in as *alice* using the password you specified for that user. After authenticating, the following page is displayed:
|
||||||
|
|
||||||
.Hello World Authz Main Page
|
.Hello World Authz Main Page
|
||||||
image:../../../images/getting-started/hello-world/main-page.png[alt="Hello World Authz Main Page"]
|
image:../../../{{book.images}}/getting-started/hello-world/main-page.png[alt="Hello World Authz Main Page"]
|
||||||
|
|
||||||
The <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> defined by {{book.project.name}} when you enable authorization services for a client application provide a simple
|
The <<fake/../../../resource-server/default-config.adoc#_resource_server_default_config, default settings>> defined by {{book.project.name}} when you enable authorization services for a client application provide a simple
|
||||||
policy that always grants access to the resources protected by this policy.
|
policy that always grants access to the resources protected by this policy.
|
||||||
|
@ -68,7 +68,7 @@ $evaluation.deny();
|
||||||
|
|
||||||
Now, log out of the demo application and log in again. You can no longer access the application.
|
Now, log out of the demo application and log in again. You can no longer access the application.
|
||||||
|
|
||||||
image:../../../images/getting-started/hello-world/access-denied-page.png[alt="Access Denied Page"]
|
image:../../../{{book.images}}/getting-started/hello-world/access-denied-page.png[alt="Access Denied Page"]
|
||||||
|
|
||||||
Let's fix that now, but instead of changing the `Default Policy` code we are going to change the `Logic` to `Negative` using the dropdown list below the policy code text area.
|
Let's fix that now, but instead of changing the `Default Policy` code we are going to change the `Logic` to `Negative` using the dropdown list below the policy code text area.
|
||||||
That re-enables access to the application as we are negating the result of that policy, which is by default denying all requests for access. Again, before testing this change, be sure to log out and log in again.
|
That re-enables access to the application as we are negating the result of that policy, which is by default denying all requests for access. Again, before testing this change, be sure to log out and log in again.
|
||||||
|
|
|
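Review bot: the `access-denied-page.png` image line has no block title, while the other images in this part of the tutorial are each preceded by one (`.Login Page`, `.Hello World Authz Main Page`). Since the line is being edited anyway, add `.Access Denied Page` above it so the figure is captioned consistently in both builds.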
@ -15,7 +15,7 @@ Ensure you have a {{book.project.name}} instance running; the default configurat
|
||||||
Administration Console, a page similar to this one is displayed:
|
Administration Console, a page similar to this one is displayed:
|
||||||
|
|
||||||
.{{book.project.name}} Administration Console
|
.{{book.project.name}} Administration Console
|
||||||
image:../../images/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
|
image:../../{{book.images}}/getting-started/kc-start-page.png[alt="{{book.project.name}} Administration Console"]
|
||||||
|
|
||||||
All source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
|
All source code for the getting started tutorials can be obtained from the demo distributions. The authorization-related examples
|
||||||
are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.
|
are located at *${KEYCLOAK_DEMO_SERVER_DIR}/examples/authz*.
|
||||||
|
|
|
@ -6,7 +6,7 @@ A resource-based permission defines a set of one or more resources to protect us
|
||||||
To create a new resource-based permission, select *Resource-based* in the dropdown list in the upper right corner of the permission listing.
|
To create a new resource-based permission, select *Resource-based* in the dropdown list in the upper right corner of the permission listing.
|
||||||
|
|
||||||
.Add Resource-Based Permission
|
.Add Resource-Based Permission
|
||||||
image:../../images/permission/create-resource.png[alt="Add Resource-Based Permission"]
|
image:../../{{book.images}}/permission/create-resource.png[alt="Add Resource-Based Permission"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ A scope-based permission defines a set of one or more scopes to protect using a
|
||||||
To create a new scope-based permission, select *Scope-based* in the dropdown list in the upper right corner of the permission listing.
|
To create a new scope-based permission, select *Scope-based* in the dropdown list in the upper right corner of the permission listing.
|
||||||
|
|
||||||
.Add Scope-Based Permission
|
.Add Scope-Based Permission
|
||||||
image:../../images/permission/create-scope.png[alt="Add Scope-Based Permission"]
|
image:../../{{book.images}}/permission/create-scope.png[alt="Add Scope-Based Permission"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ After creating the resources you want to protect and the policies you want to us
|
||||||
you can start managing permissions. To manage permissions, click the *Permissions* tab when editing a resource server.
|
you can start managing permissions. To manage permissions, click the *Permissions* tab when editing a resource server.
|
||||||
|
|
||||||
.Permissions
|
.Permissions
|
||||||
image:../../images/permission/view.png[alt="Permissions"]
|
image:../../{{book.images}}/permission/view.png[alt="Permissions"]
|
||||||
|
|
||||||
Permissions can be created to protect two main types of objects:
|
Permissions can be created to protect two main types of objects:
|
||||||
|
|
||||||
|
|
|
@ -13,4 +13,4 @@ To create a typed resource permission, click <<fake/../create-resource.adoc#_per
|
||||||
you can specify the type that you want to protect as well as the policies that are to be applied to govern access to all resources with type you have specified.
|
you can specify the type that you want to protect as well as the policies that are to be applied to govern access to all resources with type you have specified.
|
||||||
|
|
||||||
.Example of a Typed Resource Permission
|
.Example of a Typed Resource Permission
|
||||||
image:../../images/typed-resource-perm-example.png[alt="Example of a Typed Resource Permission"]
|
image:../../{{book.images}}/permission/typed-resource-perm-example.png[alt="Example of a Typed Resource Permission"]
|
|
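Review bot: the new `image:` path does more than swap in the variable: it also inserts a `permission/` segment that the old path `../../images/typed-resource-perm-example.png` did not have. `rhsso-images/permission/typed-resource-perm-example.png` is added by this commit, but please confirm the community image directory also holds the file under `permission/`, and mention the path correction in the commit message, since the title only speaks of adding RH-SSO images.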
@ -5,7 +5,7 @@ When designing your policies, you can simulate authorization requests to test ho
|
||||||
|
|
||||||
You can access the Policy Evaluation Tool by clicking the `Evaluate` tab when editing a resource server. There you can specify different inputs to simulate real authorization requests and test the effect of your policies.
|
You can access the Policy Evaluation Tool by clicking the `Evaluate` tab when editing a resource server. There you can specify different inputs to simulate real authorization requests and test the effect of your policies.
|
||||||
|
|
||||||
image:../../images/policy-evaluation-tool.png[alt="Policy Evaluation Tool"]
|
image:../../{{book.images}}/policy-evaluation-tool/policy-evaluation-tool.png[alt="Policy Evaluation Tool"]
|
||||||
|
|
||||||
=== Providing Identity Information
|
=== Providing Identity Information
|
||||||
|
|
||||||
|
|
|
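Review bot: the replacement path adds a `policy-evaluation-tool/` directory segment on top of the variable substitution, where the old line pointed at `../../images/policy-evaluation-tool.png`. The RH-SSO copy exists at `rhsso-images/policy-evaluation-tool/policy-evaluation-tool.png` in this commit; verify the community image directory has the same layout so the community build does not end up with a broken image, and call out the relocation in the commit message.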
@ -6,7 +6,7 @@ As mentioned previously, {{book.project.name}} allows you to build a policy of p
|
||||||
To create a new aggregated policy, select *Aggregated* in the dropdown list located in the right upper corner of the permission listing.
|
To create a new aggregated policy, select *Aggregated* in the dropdown list located in the right upper corner of the permission listing.
|
||||||
|
|
||||||
.Add an Aggregated Policy
|
.Add an Aggregated Policy
|
||||||
image:../../images/policy/create-aggregated.png[alt="Add Aggregated Policy"]
|
image:../../{{book.images}}/policy/create-aggregated.png[alt="Add Aggregated Policy"]
|
||||||
|
|
||||||
Let's suppose you have a resource called _Confidential Resource_ that can be accessed only by users from the _keycloak.org_ domain and from a certain range of IP addresses.
|
Let's suppose you have a resource called _Confidential Resource_ that can be accessed only by users from the _keycloak.org_ domain and from a certain range of IP addresses.
|
||||||
You can create a single policy with both conditions. However, you want to reuse the domain part of this policy to apply to permissions that operates regardless of the originating network.
|
You can create a single policy with both conditions. However, you want to reuse the domain part of this policy to apply to permissions that operates regardless of the originating network.
|
||||||
|
|
|
@ -8,7 +8,7 @@ To create a new Rule-based policy, in the dropdown list in the right upper corne
|
||||||
select *Rule*.
|
select *Rule*.
|
||||||
|
|
||||||
.Add Rule Policy
|
.Add Rule Policy
|
||||||
image:../../images/policy/create-drools.png[alt="Add Rule Policy"]
|
image:../../{{book.images}}/policy/create-drools.png[alt="Add Rule Policy"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ supported by {{book.project.name}}, and provides flexibility to write any policy
|
||||||
To create a new JavaScript-based policy, select *JavaScript* in the dropdown list in the upper right corner of the permission listing.
|
To create a new JavaScript-based policy, select *JavaScript* in the dropdown list in the upper right corner of the permission listing.
|
||||||
|
|
||||||
.Add JavaScript Policy
|
.Add JavaScript Policy
|
||||||
image:../../images/policy/create-js.png[alt="Add JavaScript Policy"]
|
image:../../{{book.images}}/policy/create-js.png[alt="Add JavaScript Policy"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ As mentioned previously, policies define the conditions that must be satisfied b
|
||||||
You can view all policies associated with a resource server by clicking the *Policy* tab when editing a resource server.
|
You can view all policies associated with a resource server by clicking the *Policy* tab when editing a resource server.
|
||||||
|
|
||||||
.Policies
|
.Policies
|
||||||
image:../../images/policy/view.png[alt="Policies"]
|
image:../../{{book.images}}/policy/view.png[alt="Policies"]
|
||||||
|
|
||||||
On this tab, you can view the list of previously created policies as well as create and edit a policy.
|
On this tab, you can view the list of previously created policies as well as create and edit a policy.
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ When creating a role-based policy, you can specify a specific role as `Required`
|
||||||
only if the user requesting access has been granted *all* the *required* roles. Both realm and client roles can be configured as such.
|
only if the user requesting access has been granted *all* the *required* roles. Both realm and client roles can be configured as such.
|
||||||
|
|
||||||
.Example of Required Role
|
.Example of Required Role
|
||||||
image:../../images/policy/create-role.png[alt="Example of Required Role"]
|
image:../../{{book.images}}/policy/create-role.png[alt="Example of Required Role"]
|
||||||
|
|
||||||
To specify a role as required, select the `Required` checkbox for the role you want to configure as required.
|
To specify a role as required, select the `Required` checkbox for the role you want to configure as required.
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ Role policies can be useful when you need more restricted role-based access cont
|
||||||
To create a new role-based policy, select *Role-Based* in the dropdown list in the upper right corner of the permission listing.
|
To create a new role-based policy, select *Role-Based* in the dropdown list in the upper right corner of the permission listing.
|
||||||
|
|
||||||
.Add Role-Based Policy
|
.Add Role-Based Policy
|
||||||
image:../../images/policy/create-role.png[alt="Add Role-Based Policy"]
|
image:../../{{book.images}}/policy/create-role.png[alt="Add Role-Based Policy"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ You can use this type of policy to define time conditions for your permissions.
|
||||||
To create a new time-based policy, select *Time* in the dropdown list in the upper right corner of the permission listing.
|
To create a new time-based policy, select *Time* in the dropdown list in the upper right corner of the permission listing.
|
||||||
|
|
||||||
.Add Time Policy
|
.Add Time Policy
|
||||||
image:../../images/policy/create-time.png[alt="Add Time Policy"]
|
image:../../{{book.images}}/policy/create-time.png[alt="Add Time Policy"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ You can use this type of policy to define conditions for your permissions where
|
||||||
To create a new user-based policy, select *User-Based* in the dropdown list in the upper right corner of the permission listing.
|
To create a new user-based policy, select *User-Based* in the dropdown list in the upper right corner of the permission listing.
|
||||||
|
|
||||||
.Add a User-Based Policy
|
.Add a User-Based Policy
|
||||||
image:../../images/policy/create-user.png[alt="Add User-Based Policy"]
|
image:../../{{book.images}}/policy/create-user.png[alt="Add User-Based Policy"]
|
||||||
|
|
||||||
==== Configuration
|
==== Configuration
|
||||||
|
|
||||||
|
|
|
@ -8,12 +8,12 @@ To create a client application, complete the following steps:
|
||||||
. Click *Clients*.
|
. Click *Clients*.
|
||||||
+
|
+
|
||||||
.Clients
|
.Clients
|
||||||
image:../../images/resource-server/client-list.png[alt="Clients"]
|
image:../../{{book.images}}/resource-server/client-list.png[alt="Clients"]
|
||||||
|
|
||||||
. On this page, click *Create*.
|
. On this page, click *Create*.
|
||||||
+
|
+
|
||||||
.Create Client
|
.Create Client
|
||||||
image:../../images/resource-server/client-create.png[alt="Create Client"]
|
image:../../{{book.images}}/resource-server/client-create.png[alt="Create Client"]
|
||||||
|
|
||||||
. Type the `Client ID` of the client. For example, _my-resource-server_.
|
. Type the `Client ID` of the client. For example, _my-resource-server_.
|
||||||
. Type the `Root URL` for your application. For example:
|
. Type the `Root URL` for your application. For example:
|
||||||
|
@ -25,4 +25,4 @@ http://${host}:${port}/my-resource-server
|
||||||
. Click *Save*. The client is created and the client Settings page opens. A page similar to the following is displayed:
|
. Click *Save*. The client is created and the client Settings page opens. A page similar to the following is displayed:
|
||||||
+
|
+
|
||||||
.Client Settings
|
.Client Settings
|
||||||
image:../../images/resource-server/client-enable-authz.png[alt="Client Settings"]
|
image:../../{{book.images}}/resource-server/client-enable-authz.png[alt="Client Settings"]
|
|
@ -12,7 +12,7 @@ The default configuration consists of:
|
||||||
The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab.
|
The default protected resource is referred to as the *default resource* and you can view it if you navigate to the *Resources* tab.
|
||||||
|
|
||||||
.Default Resource
|
.Default Resource
|
||||||
image:../../images/resource-server/default-resource.png[alt="Default Resource"]
|
image:../../{{book.images}}/resource-server/default-resource.png[alt="Default Resource"]
|
||||||
|
|
||||||
This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
|
This resource defines a `Type`, namely `urn:my-resource-server:resources:default` and a `URI` `/*`. Here, the `URI` field defines a
|
||||||
wildcard pattern that indicates to {{book.project.name}} that this resource represents all the paths in your application. In other words,
|
wildcard pattern that indicates to {{book.project.name}} that this resource represents all the paths in your application. In other words,
|
||||||
|
@ -25,7 +25,7 @@ to the default resource or any other resource you create using the same type.
|
||||||
The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab.
|
The default policy is referred to as the *only from realm policy* and you can view it if you navigate to the *Policies* tab.
|
||||||
|
|
||||||
.Default Policy
|
.Default Policy
|
||||||
image:../../images/resource-server/default-policy.png[alt="Default Policy"]
|
image:../../{{book.images}}/resource-server/default-policy.png[alt="Default Policy"]
|
||||||
|
|
||||||
This policy is a <<fake/../../policy/js-policy.adoc#_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:
|
This policy is a <<fake/../../policy/js-policy.adoc#_policy_js, JavaScript-based policy>> defining a condition that always grants access to the resources protected by this policy. If you click this policy you can see that it defines a rule as follows:
|
||||||
|
|
||||||
|
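Review bot: the context lines of this hunk name the default policy the *only from realm policy* but then describe it as "defining a condition that always grants access to the resources protected by this policy", and the two statements do not obviously agree. Since the section and its screenshot are being touched, reconcile the name with the description (or add a sentence explaining why an unconditional grant carries that name) so readers do not take the default as a realm-restricted rule.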
@ -37,7 +37,7 @@ $evaluation.grant();
|
||||||
Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab.
|
Lastly, the default permission is referred to as the *default permission* and you can view it if you navigate to the *Permissions* tab.
|
||||||
|
|
||||||
.Default Permission
|
.Default Permission
|
||||||
image:../../images/resource-server/default-permission.png[alt="Default Permission"]
|
image:../../{{book.images}}/resource-server/default-permission.png[alt="Default Permission"]
|
||||||
|
|
||||||
This permission is a <<fake/../../permission/create-resource.adoc#_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type.
|
This permission is a <<fake/../../permission/create-resource.adoc#_permission_create_resource, resource-based permission>>, defining a set of one or more policies that are applied to all resources with a given type.
|
||||||
|
|
||||||
|
|
|
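Review bot: style point on the changed image line: `alt="Default Permission"` repeats the block title `.Default Permission` word for word, so the alt text adds nothing for readers who cannot see the screenshot. While the line is being edited, consider alt text that says what the screenshot shows, for example which tab and which fields are visible.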
@ -4,12 +4,12 @@
|
||||||
To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the *Authorization Enabled* switch to *ON* and click *Save*.
|
To turn your OIDC Client Application into a resource server and enable fine-grained authorization, click the *Authorization Enabled* switch to *ON* and click *Save*.
|
||||||
|
|
||||||
.Enabling Authorization Services
|
.Enabling Authorization Services
|
||||||
image:../../images/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
|
image:../../{{book.images}}/resource-server/client-enable-authz.png[alt="Enabling Authorization Services"]
|
||||||
|
|
||||||
A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:
|
A new Authorization tab is displayed for this client. Click the *Authorization* tab and a page similar to the following is displayed:
|
||||||
|
|
||||||
.Resource Server Settings
|
.Resource Server Settings
|
||||||
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
|
image:../../{{book.images}}/resource-server/authz-settings.png[alt="Resource Server Settings"]
|
||||||
|
|
||||||
The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:
|
The Authorization tab contains additional sub-tabs covering the different steps that you must follow to actually protect your application's resources. Each tab is covered separately by a specific topic in this documentation. But here is a quick description about each one:
|
||||||
|
|
||||||
|
|
|
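Review bot: both changed lines in this hunk use the inline macro `image:` directly under a block title (`.Enabling Authorization Services`, `.Resource Server Settings`). If these are meant to render as captioned figures, the block form `image::` is the one that takes the title as a figure caption. It is worth settling this while the lines are being rewritten rather than in a second pass over the same references.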
@ -14,12 +14,12 @@ To export a configuration file, complete the following steps:
|
||||||
. Navigate to the *Resource Server Settings* page.
|
. Navigate to the *Resource Server Settings* page.
|
||||||
+
|
+
|
||||||
.Resource Server Settings
|
.Resource Server Settings
|
||||||
image:../../images/resource-server/authz-settings.png[alt="Resource Server Settings"]
|
image:../../{{book.images}}/resource-server/authz-settings.png[alt="Resource Server Settings"]
|
||||||
|
|
||||||
. On this page, in the Export Settings section, click *Export*.
|
. On this page, in the Export Settings section, click *Export*.
|
||||||
+
|
+
|
||||||
.Export Settings
|
.Export Settings
|
||||||
image:../../images/resource-server/authz-export.png[alt="Export Settings"]
|
image:../../{{book.images}}/resource-server/authz-export.png[alt="Export Settings"]
|
||||||
|
|
||||||
The configuration file is exported in JSON format and displayed in a text area, from which you can copy and paste. You can also click *Download* to download the configuration file and save it.
|
The configuration file is exported in JSON format and displayed in a text area, from which you can copy and paste. You can also click *Download* to download the configuration file and save it.
|
||||||
|
|
||||||
|
|