OAuth 2.0 and OIDC support

Security Access Manager supports the OAuth 2.0 protocol, including OpenID Connect.

The support is provided at both the Advanced Access Control and the Federation licensing levels.

  • OAuth is an HTTP-based authorization protocol. It gives third-party applications scoped access to a protected resource on behalf of the resource owner by creating an approval interaction between the resource owner, the client, and the resource server. Users can share their private resources between sites without providing user names and passwords. Private resources can be anything, but common examples include photos, videos, and contact lists.

    The implementation of OAuth 2.0 in Advanced Access Control strictly follows the OAuth 2.0 standards. For a complete description of the OAuth 2.0 specifications, see the OAuth website http://www.oauth.net.

    The OAuth 2.0 implementation of Advanced Access Control also integrates with WebSphere DataPower. For more information, see DataPower Integration.

  • OpenID Connect is an extension of the OAuth protocol to better support identity and authentication. For a complete description of the OpenID Connect specifications, see the OpenID website: http://openid.net/specs/
    Note: Prior versions of Security Access Manager supported OIDC through federation support. Security Access Manager now supports OIDC through API Protection. Existing deployments of Security Access Manager OIDC federations are fully supported, but new OIDC deployments should use API Protection. For documentation on managing existing OIDC federations, see Legacy support for OpenID Connect federations.