Configuring OAuth Using the UI

OAuth in NSX Advanced Load Balancer is configured through several steps, including setting up the pool, authentication profile, SSO policy, and OAuth settings for the virtual service.
To configure OAuth using the UI, complete the following steps:
  1. Configuring the Pool.
  2. Configuring Authentication Profile.
  3. Configuring the SSO Policy.
  4. Configuring the OAuth Settings in the Virtual Services.

Configuring the Pool

Create a Pool with Type as OAuth and configure backend servers as shown below:
  1. Navigate to Applications > Pools.
  2. Click CREATE POOL or edit the existing pools.
  3. Enter the Name of the pool.
  4. Select the Type as OAuth.
  5. Configure the pool as required.
  6. Under the Servers tab, enter the details in the Select Servers By field and click ADD.
  7. Click Save.

Configuring Authentication Profile

In the Authentication profile, configure the endpoints for OAuth authentication, including authorization and token endpoints. You can either import the endpoints or enter the details manually.
To configure the Authentication Profile:
  1. Navigate to Templates > Security > Auth Profile.
  2. Click CREATE.
  3. Enter the Name and select the Type as OAuth/OIDC.
  4. Perform one of the following steps to configure the endpoints:
    • To configure and retrieve the endpoints automatically, enter the URL in the Import Endpoints field and click IMPORT.
    • To configure the endpoints manually, enter the required details.
  5. Click Save.
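
A pre-import check for the endpoint URL used in step 4, as an added example that is not part of the product documentation. It assumes the Import Endpoints URL points at the identity provider's OpenID Connect discovery document; the host idp.example.com, the function check_discovery, and the sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Endpoint fields defined by OpenID Connect Discovery 1.0.
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_url, doc):
    """Return a list of findings; an empty list means nothing to fix or review."""
    findings = []
    issuer = doc.get("issuer", "")
    # The issuer must be the exact prefix the discovery URL was built from.
    if not discovery_url.endswith(WELL_KNOWN):
        findings.append("discovery URL does not end in " + WELL_KNOWN)
    elif issuer.rstrip("/") != discovery_url[: -len(WELL_KNOWN)]:
        findings.append("issuer does not match discovery URL: %r" % issuer)
    expected_host = urlsplit(discovery_url).hostname
    for field in ENDPOINT_FIELDS:
        value = doc.get(field)
        if not value:
            findings.append("missing " + field)
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            findings.append("%s is not an https URL: %r" % (field, value))
        elif parts.hostname != expected_host:
            # Legitimate for some providers, so flagged for review only.
            findings.append("review: %s is on host %s" % (field, parts.hostname))
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("review: provider advertises unsigned ID tokens (alg none)")
    return findings

# Constructed sample input (hypothetical provider idp.example.com).
DISCOVERY_URL = "https://idp.example.com" + WELL_KNOWN
GOOD_DOC = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "id_token_signing_alg_values_supported": ["RS256"]
}""")
# Same document with a mismatched issuer, a cleartext token endpoint, no JWKS URI.
BAD_DOC = dict(GOOD_DOC, issuer="https://login.example.net",
               token_endpoint="http://idp.example.com/oauth2/token")
del BAD_DOC["jwks_uri"]

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(DISCOVERY_URL, doc))
```

The same checks apply to endpoints entered manually: pass the values as a dictionary with the field names used above.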

Configuring SSO Policy

Create an SSO Policy of type OAuth/OIDC as shown below:
  1. Navigate to Templates > SSO Policy.
  2. Click CREATE.
  3. Enter the Name of the SSO Policy.
  4. Select OAuth/OIDC as the SSO Policy Type.
  5. Under Authentication Rules, click Add and configure the Authentication Rules as required.
  6. Under Authorization Rules, click Add and configure the Authorization Rules as required.
  7. Click Save.

Configuring the Virtual Service for OAuth

Create a new virtual service or edit an existing one where you want to enable OAuth authentication:
  1. Navigate to Applications > Virtual Services.
  2. Click Create or edit the existing virtual service.
  3. Under Settings, select the Pool created for OAuth.
  4. Under Policies, click the Access tab and select OAuth.
  5. Select the SSO Policy created for OAuth.
  6. Select the Authentication Profile created for OAuth.
  7. To limit access to the app, click Add Scopes and enter the Scope Name.
  8. Configure the other options as shown below:
  9. Click Save.
When configuring OAuth virtual services using the UI, at least one scope needs to be configured. If no scopes are required for the deployment, then configure a placeholder scope in the UI and remove it later using the CLI.