Configuring OAuth 2.0 Servers
The OAuth Servers table lets you configure up to six OAuth 2.0 authentication servers.
You can use OAuth servers for the following services:
■ OAuth-based login authentication of users (see example in OAuth-based User Login Authentication and Authorization).
■ OAuth-based authentication of incoming SIP messages (see example in OAuth 2.0 Based SIP Message Authentication).
■ OAuth-based authentication of outgoing HTTP/S requests to Remote Web Services (see example in OAuth 2.0 Based Authentication for Remote Web Services).
You can configure only one OAuth server in the table with type Azure.
The following procedure describes how to configure the OAuth server through the Web interface. You can also configure it through ini file [OAuthServers] or CLI (configure system > oauth-servers).
➢ To configure an OAuth server:
1. Open the OAuth Servers table (Setup menu > IP Network tab > AAA Servers folder > OAuth Servers).
2. Click New; the following dialog box appears:
3. Configure the OAuth server according to the parameters described in the table below.
4. Click Apply.
OAuth Servers Table Parameter Descriptions

| Parameter | Description |
|---|---|
| 'Index' [Index] | Defines an index number for the new table row. Note: Each row must be configured with a unique index. |
| 'Name' server-name [OAuthServerName] | Defines an arbitrary name to easily identify the row. The valid value is a string of up to 20 characters. Note: |
| 'Server Type' server-type [OAuthServerType] | Defines the provider of the OAuth service. Note: You can configure only one OAuth server in the table for Azure. |
| 'Base URL' base-url [OAuthBaseURL] | Defines the base URL. The endpoints configured by the parameters below are appended to this base URL. For example, the full URL path of the default authorization endpoint is "https://login.microsoftonline.com/common/oauth2/v2.0/authorize". The default is "https://login.microsoftonline.com/common". Note: The parameter is mandatory. |
| 'Authorization Endpoint' authorization-endpoint [OAuthAuthorizeEndpoint] | Defines the authorization endpoint URL path (which follows the base URL). The default is "/oauth2/v2.0/authorize". Note: The parameter is applicable only when the 'Server Type' parameter is configured to Azure. |
| 'Device Code Endpoint' devicecode-endpoint [OAuthDeviceCodeEndpoint] | Defines the device code endpoint URL path (which follows the base URL). The default is "/oauth2/v2.0/devicecode". Note: The parameter is applicable only when the 'Server Type' parameter is configured to Azure. |
| 'Token Endpoint' token-endpoint [OAuthTokenEndpoint] | Defines the token endpoint URL path (which follows the base URL). The default is "/oauth2/v2.0/token". |
| 'Keys Endpoint' keys-endpoint [OAuthKeysEndpoint] | Defines the keys endpoint URL path (which follows the base URL). The default is "/discovery/v2.0/keys". Note: The parameter is applicable only when the 'Server Type' parameter is configured to Azure, and is mandatory. |
| 'Logout Endpoint' logout-endpoint [OAuthLogoutEndpoint] | Defines the logout endpoint URL path (which follows the base URL). The default is "/oauth2/v2.0/logout". Note: The parameter is applicable only when the 'Server Type' parameter is configured to Azure. |
| 'Keys Refresh Time' keys-refresh-time [OAuthKeysRefreshTime] | Defines the interval (in minutes) at which the device refreshes the public keys by requesting them from Azure Entra ID or the standard OAuth server. The valid value range is 360 to 1440. By default, no value is defined. Note: The parameter is applicable only when the 'Server Type' parameter is configured to Azure, and is mandatory. |
| 'Application ID' application-id [OAuthAppId] | Defines the Application (client) ID assigned by your Azure Entra ID or standard OAuth server account to the app created (registered) for the device. By default, no value is defined. Note: The parameter is mandatory. |
| 'Secret Key' secret-key [OAuthSecretKey] | Defines the secret key (or client secret) that the device sends to the OAuth server for authentication. By default, no value is defined. Note: |
| 'Scope' scope [OAuthScope] | Defines the scope to access resources. By default, no value is defined. Note: |
| 'REST API 'aud' Prefix' rest-api-aud-prefix [RestApiAudPrefix] | Defines the REST API 'aud' prefix. It is used when validating the 'aud' claim of a token presented in a validation request that arrives from the REST API. The default is "api://". Note: The parameter is applicable only when the 'Server Type' parameter is configured to Azure. |
| 'TLS Context' tls-context [TLSContext] | Assigns a TLS Context from the TLS Contexts table (see Configuring TLS Certificate Contexts). By default, no value is defined (and TLS Context #0 is used). |
| 'Verify Certificate' verify-certificate [VerifyCertificate] | Enables the verification of the TLS certificate that is used in the incoming connection request from the OAuth server. |
| 'Network Interface' network-interface [NetworkInterface] | Assigns an IP network interface from the IP Interfaces table (see Configuring IP Network Interfaces) for communication with the OAuth server. By default, no value is defined (and the OAMP interface is used). Note: The parameter is mandatory. |