Creating Confidential Resource App
Create Confidential Resource Application for user authentication.
For OAuth2 protocol to work, you must create a confidential resource app in the identity provider. The confidential resource application is a replication of Thales CipherTrust Manager (CM) and this has a 1:1 relationship.
When creating a confidential resource app, you must provide mandatory fields such as name, primary audience, functional scopes and enable client_credential
grant. A confidential client app is then created that replicates vault in OCI KMS.
Following are the mandatory fields (specific to External KMS) that you must provide:
- Name. Name of the confidential resource application.
- Description. A short description about the app.
- Resource Server Configuration.
- Primary audience. Based on your TLS connectivity configuration, provide either the IP address of the Thales CipherTrust Manager or the API Gateway Private IP address. For example, https://10.101.111.10/.
- Scopes
oci_ekms
. To perform all operations in Thales CipherTrust Manager.
- Client configuration
Client Credentials
. Enable the client credentials check box for Thales CM to authenticate OCI KMS and in turn authorizing OCI KMS requests. Activate the application by clicking on the activate button, you can see the client app id and the client secret on the home page.
For more information, see Confidential Resource Application.