4.6 Completing the Integration Between Secure API Manager and Access Manager

To finish the deployment of Secure API Manager, you must complete the integration with Access Manager. Ensure that you have created the OAuth2 application in Access Manager before proceeding. For more information, see Section 3.0, Integrating Secure API Manager with Access Manager.

The remaining task is to configure Secure API Manager to access and use the Access Manager OAuth2 application. You perform these steps on only one appliance to complete the integration.

IMPORTANT: You must perform the following procedure from an API Gateway or a Lifecycle Manager. If you have the API Gateway or the Lifecycle Manager installed with another component, the procedure still works. You cannot perform the procedure on the Database Service component.

Ensure that you imported the Access Manager trusted root certificate; otherwise, the Access Manager integration fails. The Access Manager trusted root certificate allows Secure API Manager and Access Manager to communicate securely over SSL. The Deployment Manager uses this connection to populate information during the integration. If you do not have a secure SSL connection between Secure API Manager and Access Manager, the Deployment Manager does not work. For more information, see Creating an SSL Connection Between Access Manager and Secure API Manager.

NOTE: Access Manager uses the term Identity Server and Secure API Manager uses the term Identity Provider. However, both terms refer to the Access Manager Identity Server.

To configure Secure API Manager to use the Access Manager OAuth2 application:

  1. Log in to the appliance management console for any appliance using the root user and password you set during the deployment of the appliance. For more information, see Deploying the Secure API Manager Appliances.

    https://ip-address-or-dns-name-appliance:9443

  2. Click DEPLOYMENT MANAGER to launch the Deployment Manager.

  3. Click the ACCESS MANAGER INTEGRATION tab.

  4. Use the following information to define your Access Manager Identity Server.

    Name

    Specify a display name for the Access Manager Identity Server that appears in the Deployment Manager.

    Description

    Specify a description of the Access Manager Identity Server. This allows you to provide additional information about the Identity Server so that other people will know which Access Manager Identity Server this is.

    Discovery Endpoint

    Specify a discovery endpoint for the Access Manager Identity Server. In the pre-populated URL, you must specify the DNS name of the Identity Server and port. The URL should be:

    https://dns-name-identity-server:8443/nidp/oauth/nam/.well-known/openid-configuration

    Client ID

    Specify the Client ID that you recorded in Step 5.f.

    Type

    Leave the type as NIDP. NIDP refers to the Access Manager Identity Server.

    Endpoints

    Use the Identity Server configuration information in Access Manager to find values for the endpoints. In the Access Manager administration console, click Edit IDP > OAuth and OpenID Connect > Endpoint Summary.

    Client Secret

    Specify the Secret that you recorded in Step 5.f.

    Access Token

    Click Get Token to generate the long-lived access token. The Deployment Manager auto-generates this token for you if all of the configuration information is correct.

  5. Click Save to save the configuration information and register the Access Manager Identity Server with Secure API Manager.