
Configure an Authorization Server

An Authorization Server must exist within the DB. Create it by adding an entry to the auth_server table of the RSA. (In future releases, this table will be deprecated and the entry will need to be made in the oauth_provider table instead, as the RSA serves as an OAuth Client to the Authorization Server.) This Authorization Server must be the same server from which the Service Provider (SP) receives the bearer tokens representing user consent to allow the SP to access the user's resources. The RSA will use this Authorization Server to negotiate a PAT: an OAuth access token with the scope 'uma_protection', used by a Resource Server to access an Authorization Server's protection and introspection APIs.

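-- Register the Authorization Server the RSA will request its PAT from.
-- String literals use single quotes so the statement does not depend on the SQL quoting mode.
INSERT INTO auth_server (id, version, date_created, last_updated, as_client_id, as_client_secret, as_name, as_url)
VALUES (2, 1, now(), now(), 'rsa-oauth-client-id', 'rsa-oauth-client-secret', 'Authorization Server Name', 'https://auth-server-url');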

Note

A corresponding entry must also be made in the Authorization Server's database to represent this OAuth relationship, in which the RSA serves as an OAuth Client to the Authorization Server. Currently, the latest release of the RSA can only authenticate using Basic Client Secret Authentication. As a result, "client_secret_post" should be chosen as the Authentication Method in the corresponding entry in the Authorization Server DB.
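
To check that the client entry registered at the Authorization Server matches what the RSA will send, it helps to see the PAT token request on the wire. The following is an added example, not code from the RSA: it builds (without sending) the request for the "client_secret_post" method named above and, for comparison, for "client_secret_basic". The `client_credentials` grant type and the `/token` path are assumptions, and `build_pat_request` is a hypothetical helper; the client id, secret and URL are the placeholders from the INSERT statement.

```python
# Added example, not RSA code. Assumed: grant type and token endpoint path.
import base64
from urllib.parse import quote_plus, urlencode, urlsplit


def build_pat_request(as_url, client_id, client_secret,
                      auth_method="client_secret_post", token_path="/token"):
    """Return (url, headers, body) for a PAT token request, without sending it."""
    # The request carries the client secret, so refuse a non-TLS as_url.
    if urlsplit(as_url).scheme != "https":
        raise ValueError("as_url must be https: the request carries the client secret")
    form = {"grant_type": "client_credentials",  # assumed grant type
            "scope": "uma_protection"}            # PAT scope named on the page
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_post":
        # Credentials travel as form fields in the POST body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif auth_method == "client_secret_basic":
        # Credentials travel in an HTTP Basic Authorization header instead.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    return as_url.rstrip("/") + token_path, headers, urlencode(form)


if __name__ == "__main__":
    for method in ("client_secret_post", "client_secret_basic"):
        url, headers, body = build_pat_request(
            "https://auth-server-url", "rsa-oauth-client-id",
            "rsa-oauth-client-secret", method)
        print(method, url, headers, body, sep="\n  ")
```

With "client_secret_post" the secret appears in the request body, so token endpoint access logs and any proxy that records request bodies should be configured not to retain it.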