keycloak-scim/topics/resource-server/create.adoc

== Creating Resource Servers

To create a resource server by by clicking on *Authorization* in the left menu bar. As a result, you'll be redirected
to the link::/resource-server/view.adoc[Viewing Resource Servers].

On that page, click on *Create* button in the right upper corner of the table.

A resource server is basically a *confidential* client application in {{book.project.name}}. To enable a client application as a resource server you need to make sure:

* Your client application is configured as a *confidential* client.
* Your client application is configured with *Service Accounts*.

=== Creating the Resource Server Manually

If you have any client application with the characteristics above, they will be available for selection in the *Client* field. Just select a client application and
click on *Save*.

The default values for the other fields should be enough to get you started with. You can also change these options later when editing a resource server.

=== Importing a JSON file with the Resource Server Configuration

When creating a resource server, you can also import a JSON file with all the necessary configuration. For that, click on *Select File* and choose a JSON file in your filesystem
with the resource server configuration.

To actually import the file, click on *Upload*. If your configuration file is OK and successfully imported you'll be redirected to the Resource Server Details Page.

=== Policy Enforcement Modes

Resource servers provide a *Policy Enforcement Mode* configuration option that dictates how policies are enforced when processing authorization requests sent to the server.

* *Enforcing*
+
This is the default mode. Requests are denied by default even when there is no policy associated with a given resource.
+
* *Permissive*
+
Requests are allowed even when there is no policy associated with a given resource.
* *Disabled*
+
Completely disables the evaluation of policies and allow access to any resource.