Configuration on ICS

Create an OAuth Server on ICS using the ICS Admin console

  1. Log in to the ICS Admin console as admin and navigate to Authentication > Auth Servers.
  2. From the dropdown list, select  OAuth Server and click New Server.
  3. Provide all the required parameters. Select Force Authentication to re-authenticate end users though a valid session is available at OAuth Provider.
  4. Select Enable PKCE to incorporate the OAuth protocol extension outlined in RFC 7636. Enabling Proof Key for Code Exchange (PKCE) helps to protect against interception of the authorization code returned from the authorization endpoint, by utilising a dynamically created cryptographically random key during the authorization and token requests.

    Select Manual to manually download the OAuth provider metadata from well-known OpenID URL in JSON format and upload to ICS.

    Select Dynamic to enter the well-known OpenID URL of the OAuth provider. ICS automatically fetches the OAuth Provider metadata from the location.


  5. To enable traffic segregation, under Authentication > Auth.Servers enable Traffic decoupling at Auth server level. Select the OAuth server under Port Selection, choose an interface to route interactions between ICS and OAuth Provider.

  6. To create a new user realm, navigate to Users > User Realms > New User Realm.
  7. Provide required Names and from the drop down Auth Servers, choose the OAuth Server created in the above Step.
  8. Save Changes and complete the rest of the steps for Role mapping rules.
  9. To create a Sign in policy, navigate to Authentication > Signing In > Sign-in Policies.
  10. Click New URL to create a New Sign-in policy.
  11. Provide the required fields like Name and then select User picks from a list of authentication realms, from the Available Realms list in left column, choose newly created realm in the Step above and click Add.
  12. Click Save Changes.