9.0 Connector for OAuth2 Resources

The connector for OAuth2 Resources provides simple authenticated access to a web service through CloudAccess. The connector allows CloudAccess to authenticate a user against your identity sources and to provide protected access to a destination web service.

The connector for OAuth2 Resources offers a simple authentication method as an alternative to federated single sign-on connectors that use SAML 2.0 or WS-Federation protocols. Protocols for federated access management provide a robust trust and security model that is an open standard and widely used. However, they require the protocol’s code to be installed on the protected services. Consider using the connector for OAuth2 Resources for smaller services that do not require the full security and trust that SAML or WS-Federation provides, and that just need a simple method to validate and get identity information from a trusted source (the CloudAccess identity provider in this case).

By implementing the open standard OAuth 2.0 protocol, the connector for OAuth2 Resources behaves as an OAuth2 Authorization Server and Resource Server using the Authorization Code flow as detailed in the OAuth 2.0 Authorization Framework document at http://tools.ietf.org/html/rfc6749#section-4.1 .

Using this connector, the CloudAccess appliance provides user authentication and all OAuth2 token creation and validation for access to a protected resource.

NOTE: The OAuth2 Resources connector provides SP-initiated authentication. It does not have an IDP-initiated mode.
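
The Authorization Code flow and the SP-initiated note above, seen from the protected service's side, as an added example that is not part of the original documentation or the product's code. The authorization endpoint, redirect URI and client ID are placeholder assumptions, and `start_login` and `handle_callback` are hypothetical helper names; the real values come from your connector configuration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): take the real values from the connector configuration.
AUTHORIZE_URL = "https://cloudaccess.example.com/authorize"
REDIRECT_URI = "https://service.example.com/oauth/callback"
CLIENT_ID = "example-client-id"


def start_login(session):
    """SP-initiated start: build the RFC 6749 section 4.1.1 authorization request."""
    state = secrets.token_urlsafe(32)  # unguessable value bound to this browser session
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Check the redirect (section 4.1.2) and return the token request body (4.1.3)."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    if expected is None:
        # This service never started a login, so the response is unsolicited.
        raise ValueError("no pending authorization request")
    received = params.get("state", "")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    if "code" not in params:
        raise ValueError("missing authorization code")
    # POST this form to the token endpoint, with the client authenticating itself.
    return {
        "grant_type": "authorization_code",
        "code": params["code"],
        "redirect_uri": REDIRECT_URI,  # must equal the value sent in start_login
    }
```

Because the service only accepts a callback that matches a `state` it issued, a response that arrives without a preceding `start_login` is rejected, which matches the connector having no IDP-initiated mode.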

Use the information in the following sections to configure a connector for OAuth2 Resources: