Introduction

The IBM Security Verify Access OIDC Provider (ISVAOP) provides a containerized OIDC Provider which is designed to keep up with the latest OAuth and OIDC standards and comply with the latest conformance and specification standards, particularly Open Banking/FAPI.

Defining the Environment

At a high level, when starting the ISVAOP container you need to define:

1. The provider configuration that defines defaults and grant flows.
2. The storage layer configuration, including the choice of using a distributed session cache either in the form of the runtime database (HVDB) or Redis.
3. The client level configuration and authentication methods.
4. Any attribute sources.

Documentation

The specific documentation which will assist in getting you started includes:

• ISVAOP Overview

• ISVAOP Concepts, specifically:

  • Authorization Code
  • Client-Initiated Backchannel Authentication
  • Dynamic Client Registration
  • JWT-secured request
  • Pushed Authorization Request

• How to deploy the container into different container environments, for example:

  • Configuring runtime database.
  • Docker
  • Docker-Compose
  • Kubernetes
  • Red Hat® OpenShift®
  • Configuring IBM Security Verify Access
  • Secure Deployment Consideration

• How to debug ISVAOP :

  • Support and Limitation
  • Troubleshooting

• Example YAML configuration files, for example:

  • Provider
  • Storage
  • Attribute Source
  • LDAP Configuration
  • Clients

• How to use the JavaScript utilities, for example:

  • JavaScript Mapping Rule
  • Access Policy
  • IDMappingExtCache Utility
  • HttpClient Utility
  • JWT Utility
  • LDAPClient Utility
  • OAuthMappingExtUtils Utility
  • CIBA Mapping Rule

• Reference

  • Key Management
  • Database Cleanup
  • Generating Obfuscated Entried
  • Sizing
  • Perfromance Tuning

• Images

  • Containers