We Have Moved
The IBM Application Gateway has a new home - docs.verify.ibm.com/gateway
The documentation on this site will no longer be maintained after v21.02, please update your bookmarks.
Configuring OAuth Introspection with IBM Security Verify
IBM Security Verify provides identity-as-a-service for employees, including SSO, multifactor authentication, and user lifecycle management. It can be used as an Identity Provider by the IBM Application Gateway (IAG) using OAuth Introspection (as depicted below).
Before attempting to configure IBM Security Verify as an identity provider for IAG:
- You need a IBM Security Verify tenant. If you do not already have a IBM Security Verify tenant a free tenant can be obtained from https://www.ibm.com/account/reg/au-en/signup?formid=urx-36648.
- You need to create an API client in your IBM Security Verify tenant. Information on how to do this can be obtained from the Protecting Web Applications with IBM Security Verify page. When creating the API client you need to take special note of the created client ID and secret.
The IBM Security Verify configuration is contained within the 'identity/oauth' node of the IAG configuration YAML:
A description of the configuration options is available from the oauth page within the YAML reference. A minimal configuration requires the following configuration data:
- Introspection Endpoint
- Client Identity
- Client Secret
- An example configuration file is also available in the OAuth Configuration example page.