Hello,
Here you can find a documentation that describe the integration between ODM on k8s and Okta.
https://github.com/DecisionsDev/odm-docker-kubernetes/tree/master/authentication/OktaThe way to manage the client_credentials flow with ODM on prem is the same :
1/ Create a specific scope that we named "odmapiusers" in this tutorial
https://github.com/DecisionsDev/odm-docker-kubernetes/tree/master/authentication/Okta#configure-the-default-authorization-server2/ Create the dedicated OpenId Provider that will be used by Decision Center
https://github.com/DecisionsDev/odm-docker-kubernetes/blob/master/authentication/Okta/templates/OdmOidcProviders.json#L53/ Provide to the RES liberty the authorization to the OKTA ClientId. The ClientId is seen as a user in the client_credentials flow
https://github.com/DecisionsDev/odm-docker-kubernetes/blob/master/authentication/Okta/templates/webSecurity.xml#L14Obviously, all of this is assuming you configured the ODM liberty using an openIdConnectClient artefact similar to
https://github.com/DecisionsDev/odm-docker-kubernetes/blob/master/authentication/Okta/templates/openIdWebSecurity.xmlIf you are just interested by calling RES rest-api using client-credentials flow :
1/ Get a Bearer Token with the client_credentials flow
scope=odmapiusers #as explained previously
token_url=https://dev-963731.okta.com/oauth2/default/v1/token # replace by your own
curl -k -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
-d "scope=${scope}&grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}" \
${token_url}
2/ Call res rest-api using an authorization Bearer header
-H "Authorization: Bearer <YOUR_TOKEN>"
Hope this helps
------------------------------
Mathias Mouly
------------------------------
Original Message:
Sent: Sat May 14, 2022 12:07 AM
From: PIKU Queen
Subject: Configure ODM ON PREM RES REST API with Okta
Hi ,
i am Looking for Some help on How to Configure OnPrem ODM 8.10.5 RES with OKTA Clint_Crdentials Flow , , We Control Res/decisonserver acess with roles and users , How we can Configure Clinet Credntials Flow ? As it eont get any user consent in access tokrn ?
------------------------------
PIKU Queen
------------------------------