Table of contents

Authorization Services Guide
Making open source more inclusive
1. Authorization services overview
    1.1. Architecture
        1.1.1. The authorization process
            1.1.1.1. Resource management
            1.1.1.2. Permission and policy management
            1.1.1.3. Policy enforcement
        1.1.2. Authorization services
            1.1.2.1. Token endpoint
            1.1.2.2. Protection API
    1.2. Terminology
        1.2.1. Resource Server
        1.2.2. Resource
        1.2.3. Scope
        1.2.4. Permission
        1.2.5. Policy
        1.2.6. Policy provider
        1.2.7. Permission ticket
2. Getting started
    2.1. Securing a servlet application
    2.2. Creating a realm and a user
    2.3. Enabling authorization services
    2.4. Build, deploy, and test your application
        2.4.1. Obtaining the adapter configuration
        2.4.2. Building and deploying the application
        2.4.3. Testing the application
        2.4.4. Next steps
    2.5. Authorization quickstarts
3. Managing resource servers
    3.1. Creating a client application
    3.2. Enabling authorization services
        3.2.1. Resource server settings
    3.3. Default Configuration
        3.3.1. Changing the default configuration
    3.4. Export and import authorization configuration
        3.4.1. Exporting a configuration file
        3.4.2. Importing a configuration file
4. Managing resources and scopes
    4.1. Viewing resources
    4.2. Creating resources
        4.2.1. Resource attributes
        4.2.2. Typed resources
        4.2.3. Resource owners
        4.2.4. Managing resources remotely
5. Managing policies
    5.1. User-based policy
        5.1.1. Configuration
    5.2. Role-based policy
        5.2.1. Configuration
        5.2.2. Defining a role as required
    5.3. JavaScript-based policy
        5.3.1. Configuration
        5.3.2. Creating a JS policy from a deployed JAR file
        5.3.3. Examples
            5.3.3.1. Checking for attributes from the evaluation context
            5.3.3.2. Checking for attributes from the current identity
            5.3.3.3. Checking for roles granted to the current identity
            5.3.3.4. Checking for roles granted to a user
            5.3.3.5. Checking for roles granted to a group
            5.3.3.6. Pushing arbitrary claims to the resource server
            5.3.3.7. Checking for group membership
            5.3.3.8. Mixing different access control mechanisms
    5.4. Time-based policy
        5.4.1. Configuration
    5.5. Aggregated policy
        5.5.1. Configuration
        5.5.2. Decision strategy for aggregated policies
    5.6. Client-based policy
        5.6.1. Configuration
    5.7. Group-based policy
        5.7.1. Configuration
        5.7.2. Extending access to child groups
    5.8. Client scope-based policy
        5.8.1. Configuration
        5.8.2. Defining a client scope as required
    5.9. Regex-Based Policy
        5.9.1. Configuration
    5.10. Positive and negative logic
    5.11. Policy evaluation API
        5.11.1. The evaluation context
6. Managing permissions
    6.1. Creating resource-based permission
        6.1.1. Configuration
        6.1.2. Typed resource permission
    6.2. Creating scope-based permissions
        6.2.1. Configuration
    6.3. Policy decision strategies
7. Evaluating and testing policies
    7.1. Providing identity information
    7.2. Providing contextual information
    7.3. Providing the permissions
8. Authorization services
    8.1. Discovering authorization services endpoints and metadata
    8.2. Obtaining permissions
        8.2.1. Client authentication methods
        8.2.2. Pushing claims
            8.2.2.1. Pushing claims Using UMA
    8.3. User-managed access
        8.3.1. Authorization process
        8.3.2. Submitting permission requests
        8.3.3. Managing access to users resources
    8.4. Protection API
        8.4.1. What is a PAT and how to obtain it
        8.4.2. Managing resources
            8.4.2.1. Creating a resource
            8.4.2.2. Creating user-managed resources
            8.4.2.3. Updating resources
            8.4.2.4. Deleting resources
            8.4.2.5. Querying resources
        8.4.3. Managing permission requests
            8.4.3.1. Creating permission ticket
            8.4.3.2. Other non UMA-compliant endpoints
                8.4.3.2.1. Creating permission ticket
                8.4.3.2.2. Getting permission tickets
                8.4.3.2.3. Updating permission ticket
                8.4.3.2.4. Deleting permission ticket
        8.4.4. Managing resource permissions using the Policy API
            8.4.4.1. Associating a permission with a resource
            8.4.4.2. Removing a permission
            8.4.4.3. Querying permission
    8.5. Requesting party token
        8.5.1. Introspecting a requesting party token
        8.5.2. Obtaining Information about an RPT
        8.5.3. Do I need to invoke the server every time I want to introspect an RPT?
    8.6. Authorization client java API
        8.6.1. Maven dependency
        8.6.2. Configuration
        8.6.3. Creating the authorization client
        8.6.4. Obtaining user entitlements
        8.6.5. Creating a resource using the protection API
        8.6.6. Introspecting an RPT
9. Policy enforcers
    9.1. Configuration
    9.2. Claim Information Point
        9.2.1. Obtaining information from the HTTP request
        9.2.2. Obtaining information from an external HTTP service
        9.2.3. Static claims
        9.2.4. Claim information provider SPI
    9.3. Obtaining the authorization context
    9.4. Using the AuthorizationContext to obtain an Authorization Client Instance
    9.5. JavaScript integration
        9.5.1. Handling authorization responses from a UMA-Protected resource server
        9.5.2. Obtaining entitlements
        9.5.3. Authorization request
        9.5.4. Obtaining the RPT
    9.6. Configuring TLS/HTTPS
Legal Notice

Authorization Services Guide
Red Hat Single Sign-On 7.5
For Use with Red Hat Single Sign-On 7.5
Red Hat Customer Content Services

Abstract
This guide consists of information for authorization services for Red Hat Single Sign-On 7.5.