3.5.9 Configuring Advanced Authentication Server

Configure the Advanced Authentication server before you create any Advanced Authentication class.

Perform the following steps to configure the Advanced Authentication server:

  1. Click Devices > Identity Server > Shared Settings > Advanced Authentication.

  2. Specify the domain name or IP address of the Advanced Authentication server along with its port in Server Domain.

    NOTE: If you want to use the existing Plugin-based methods, you can skip Step 3 and Step 4.

  3. Select Integrate using OAuth under OAuth Event Configuration.

  4. Specify the following details:

    Event Name: Specify an event name. This event name must be identical to the event name specified in the Advanced Authentication Administration portal.

    Client ID: Specify the client ID.

    Client Secret: Specify the client secret.

    You can get the client ID and client secret by creating an OAuth 2.0 event in the Advanced Authentication Administration portal. While creating this event you can configure the redirect URI that Access Manager uses to communicate with Advanced Authentication. Specify https://<identity server-url>:<port>/nidp/oauth/nam/callback in the Redirect URIs field.

    For example, if the Identity Server URL is https://domain.example.com:8443/nidp, where domain.example.com is the domain name and 8443 is the port, then specify https://domain.example.com:8443/nidp/oauth/nam/callback in the Redirect URIs field.

    For more information about how to create an OAuth 2.0 event in the Advanced Authentication portal, see Configuring Events.

    Endpoint Links: These fields are auto-populated after you specify the server domain address and select the Integrate using OAuth option. Access Manager uses these endpoint links to retrieve token and user details from the Advanced Authentication server.

    Authorization URL: Access Manager uses this URL to retrieve the authorization code from the Advanced Authentication server.

    Token URL: Access Manager uses this URL to exchange the authorization code for an access token.

    User Info URL: Access Manager sends the access token to this URL to get the user details from the Advanced Authentication server.

    Integration URLs: The fields under Integration URLs are auto-populated after you specify the server domain address.

    Enrollment Page URL: If the user is not enrolled in the Advanced Authentication server, then Access Manager uses this URL to redirect the user to the enrollment page.

    Sign Data URL: Access Manager uses this URL to retrieve the signed data from the Advanced Authentication server.

  5. Click Apply.

  6. Proceed with Section 5.3.3, NetIQ Advanced Authentication to create Advanced Authentication classes.
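The Authorization URL, Token URL and User Info URL exchange described in Step 4, as an added example that is not part of this documentation or of the Access Manager product: a constructed stand-in for the Advanced Authentication OAuth 2.0 event and the Access Manager side of the flow, with the redirect URI derived from the Identity Server URL and compared by exact string match, which is why the value registered in the portal must match the callback exactly. The class and function names, the client ID and secret, and the user record are assumptions.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit

CALLBACK_PATH = "/nidp/oauth/nam/callback"   # path Access Manager listens on

def expected_redirect_uri(identity_server_url: str) -> str:
    """Derive the Redirect URI to register in the AA portal from the Identity Server URL (.../nidp)."""
    u = urlsplit(identity_server_url)
    return urlunsplit((u.scheme, u.netloc, CALLBACK_PATH, "", ""))

class MockAdvancedAuthServer:
    """Constructed stand-in for the AA OAuth 2.0 event (assumption: not the real product API)."""
    def __init__(self, client_id, client_secret, redirect_uris):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uris = set(redirect_uris)      # exact-string match, no prefix matching
        self.codes, self.tokens = {}, {}

    def authorize(self, client_id, redirect_uri, state):
        """Authorization URL: issue a code only to a registered client and redirect URI."""
        if client_id != self.client_id or redirect_uri not in self.redirect_uris:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = redirect_uri               # bind the code to the URI it was issued for
        return {"code": code, "state": state}

    def token(self, client_id, client_secret, code, redirect_uri):
        """Token URL: exchange a single-use code for an access token."""
        if (client_id, client_secret) != (self.client_id, self.client_secret):
            return None
        if self.codes.pop(code, None) != redirect_uri:   # unknown, reused or re-bound code
            return None
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = {"sub": "alice", "enrolled": True}   # constructed user record
        return {"access_token": access_token, "token_type": "Bearer"}

    def userinfo(self, access_token):
        """User Info URL: return the user details for a valid access token."""
        return self.tokens.get(access_token)

def access_manager_login(server, client_id, client_secret, identity_server_url):
    """Access Manager side of the flow: authorize -> token -> user info, or None on any failure."""
    redirect_uri = expected_redirect_uri(identity_server_url)
    state = secrets.token_urlsafe(8)
    auth = server.authorize(client_id, redirect_uri, state)
    if auth is None or auth.get("state") != state:    # reject responses not tied to this request
        return None
    tok = server.token(client_id, client_secret, auth["code"], redirect_uri)
    return server.userinfo(tok["access_token"]) if tok else None
```

A registered URI that differs only in scheme, port or path (for example http instead of https) fails at the authorization step, and a wrong client secret fails at the token step, so the user details are never returned.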