Users Guide

Delegated Authorization using OAuth 2.0
The Delegated Authorization feature allows a user or console to access the iDRAC API using OAuth 2.0 JSON Web Tokens (JWT)
that the user or console first obtains from an Authorization Server. Once an OAuth JWT has been retrieved, the user or console
can present it to invoke the iDRAC API. This removes the need to supply a username and password to access the API.
NOTE: This feature is only available with the DataCenter license. You need the Configure iDRAC or Configure Users privilege
to use this feature.
iDRAC supports configuration of up to 2 Authorization Servers. The configuration requires a user to specify the following
Authorization Server details:
Name: A string that identifies the Authorization Server on the iDRAC.
Metadata URL: The OpenID Connect compliant URL as advertised by the server.
HTTPS certificate: The server public key the iDRAC should use to communicate with the server.
Offline Key: The JWK set document for the Authorization Server.
Offline Issuer: The issuer string as used in tokens issued by the Authorization Server.
For online configuration:
When configuring an Authorization Server, the iDRAC administrator must ensure that the iDRAC has online network
access to the Authorization Server.
If iDRAC cannot reach the Authorization Server, the configuration fails, and a subsequent attempt to access the iDRAC API
fails even though a valid token is presented.
For offline configuration:
iDRAC does not need to communicate with the Authorization Server; instead it is configured with the metadata details that
have been downloaded offline. When configured offline, iDRAC holds the public portion of the signing keys and can validate the
token without a network connection to the Authorization Server.
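As an added example (not Dell's code and not the iDRAC implementation), the following Python shows the offline validation path described above: the verifier holds only the server's JWK set and issuer string, and checks a presented RS256 JWT's signature, issuer and expiry with no network access. The demo_server function, the throwaway key it generates and the key id are constructed for this illustration; RSA PKCS#1 v1.5 verification is written out directly so the example runs on the standard library alone.

```python
import base64, hashlib, hmac, json, random, time

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo for SHA-256, RFC 8017 9.2
def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def emsa_pkcs1_v15(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) into k bytes
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def rs256_verify(n, e, msg, sig):
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") if len(sig) == k else b""
    return hmac.compare_digest(em, emsa_pkcs1_v15(msg, k))

def validate_token(token, jwks, issuer, now=None):
    """Offline check: RS256 signature against the stored JWK set, then issuer and expiry."""
    now = time.time() if now is None else now
    h_b64, p_b64, s_b64 = token.split(".")  # malformed input raises ValueError here or while decoding
    header, claims = json.loads(b64u_dec(h_b64)), json.loads(b64u_dec(p_b64))
    if header.get("alg") != "RS256":  # refuse 'none' and HMAC downgrades outright
        raise ValueError("unsupported alg")
    key = next((k for k in jwks["keys"] if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("kid not in offline JWK set")
    n, e = (int.from_bytes(b64u_dec(key[f]), "big") for f in ("n", "e"))
    if not rs256_verify(n, e, f"{h_b64}.{p_b64}".encode(), b64u_dec(s_b64)):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def _prime(bits):  # Fermat test with a few bases: fine for a throwaway demo key, not for production
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(a, c - 1, c) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return c
def demo_server(kid="demo-key-1", bits=1024):  # constructed stand-in for the Authorization Server
    p, q = _prime(bits // 2), _prime(bits // 2)
    n, d = p * q, pow(65537, -1, (p - 1) * (q - 1))
    jwk = lambda i: b64u_enc(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    jwks = {"keys": [{"kty": "RSA", "kid": kid, "alg": "RS256", "n": jwk(n), "e": jwk(65537)}]}
    def sign(claims):  # issues a JWT the way the server would; the private exponent never leaves here
        h, pl = b64u_enc(json.dumps({"alg": "RS256", "kid": kid}).encode()), b64u_enc(json.dumps(claims).encode())
        k = (n.bit_length() + 7) // 8
        sig = pow(int.from_bytes(emsa_pkcs1_v15(f"{h}.{pl}".encode(), k), "big"), d, n).to_bytes(k, "big")
        return f"{h}.{pl}.{b64u_enc(sig)}"
    return jwks, sign
```

The jwks dictionary plays the role of the Offline Key setting and the issuer argument the role of the Offline Issuer setting; only those two values are needed to accept or reject a token.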