Breeze Authorization Service Integration

Last Updated: Apr 29, 2021

The Breeze Authorization Service Integration feature integrates the Avaya Breeze® Authorization service with Avaya Context Store Snap-in to grant access to applications using bearer tokens generated from the Context Store services.

Using this feature, you can configure any combination of four values to grant access. You can also add or remove grants from the Authorization service in System Manager. This feature has the following user privileges:

  • Privileged: Used for privileged users

  • Standard: Used for standard users

For information on adding grants to the Breeze Authorization configuration, see the "Assigning permissions to an authorization client" section in Avaya Context Store Snap-in Reference.

The values and functions applicable to these feature types are:

| Value | Function |
|---|---|
| create | Applies to all ContextStore REST POST methods |
| delete | Applies to all ContextStore REST DELETE methods |
| read | Applies to all ContextStore REST GET methods |
| update | Applies to all ContextStore REST PUT methods |

Integration with Context Store REST API

From Context Store Release 3.2 onwards, the Breeze Authorization Service Integration feature adds authorization to all the ContextStore REST API methods by adding a new header attribute to each REST request. The ContextStore REST API checks the authorization header only when the Enable Breeze Authorization Service attribute is enabled in System Manager. The header value must start with the word bearer, followed by the token that was created.

Additional API Methods

Four REST methods are available for generating bearer tokens. These APIs are available only if you set the Enable Breeze Authorization Service attribute on ContextStoreREST to True.

Any user can use the Get token and Get token by scope APIs to generate tokens. However, the APIs are accessible only if you set the Require user for Breeze Authorization Service attribute on ContextStoreREST to False. If you set the attribute to True, then you can use only the more secure versions of the generate-token APIs, for which you require valid login credentials.

You can generate tokens using four new REST methods available in the ContextStore REST API as follows:

| Name | REST Method | URL | Headers | Notes |
|---|---|---|---|---|
| Get Token | GET | /services/CSRest/cs/contexts/token/ | | You can disable this method in System Manager attributes. |
| Get Token by Scope | GET | /services/CSRest/cs/contexts/token/scope/ | scope | You can disable this method in System Manager attributes. <SCOPE> can be privileged or standard. |
| Get Token for User | GET | /services/CSRest/cs/contexts/token/username/ | username, password | Set the HTTP headers username and password. |
| Get Token for User by Scope | GET | /services/CSRest/cs/contexts/token/username/scope/ | scope, username, password | Set the HTTP headers username and password. <SCOPE> can be privileged or standard. |

ContextStore Rest attributes

As a part of the Breeze Authorization Service Integration feature, the ContextStore Rest snap-in provides the following three attributes:

| Name | Values | Details |
|---|---|---|
| Address of Authorization Service | The fully qualified domain name (FQDN) or IP address of the cluster where the Authorization Service is installed. | Enter the FQDN or IP address of the UAC cluster with the Authorization service installed. This setting is used by the Oceana Configuration service, where you must enter the Authorization service address. |
| Enable Breeze Authorization Service | true, false | Set the value to true. This setting does the following: it makes all of the ContextStoreRest APIs require tokens to use (attempting to use one without a token gives an unauthorised error), and it enables the token-generation APIs mentioned in the table above. |
| Require user for Breeze Authorization Service | true, false | Set the value to true to use only the more secure versions of the generate-token APIs, for which you require valid login credentials. If you set this attribute on ContextStoreREST to false, all the APIs are accessible. Note: Setting the value to true disables the Get Token and the Get Token by Scope API methods. This means that the user is no longer able to generate a token without providing valid user credentials. |
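
The rules above, as an added Python example that is not part of the Avaya documentation: it builds (without sending) the token request that the two attributes permit, and the bearer-token request for a ContextStore call. The host, the `Authorization` header name and all function names are assumptions; the token paths, the `username`, `password` and `scope` headers and the grant values come from the tables on this page. The grant check is a client-side pre-flight check only.

```python
from urllib.request import Request

BASE = "https://cs.example.invalid"  # constructed placeholder host (assumption)
TOKEN_PATH = "/services/CSRest/cs/contexts/token/"
# Grant value required per REST method, from the values table on this page.
GRANT_FOR_METHOD = {"POST": "create", "DELETE": "delete", "GET": "read", "PUT": "update"}


def token_request(enabled, require_user, scope=None, username=None, password=None):
    """Build (without sending) the token GET that the two attributes allow."""
    if not enabled:
        raise PermissionError("token APIs need Enable Breeze Authorization Service = true")
    if scope is not None and scope not in ("privileged", "standard"):
        raise ValueError("scope must be privileged or standard")
    if (username is None) != (password is None):
        raise ValueError("username and password headers go together")
    path, headers = TOKEN_PATH, {}
    if username is not None:
        path += "username/"
        headers.update(username=username, password=password)
    elif require_user:
        # Get Token and Get Token by Scope are disabled in this configuration.
        raise PermissionError("Require user is true: credentials are mandatory")
    if scope is not None:
        path += "scope/"
        headers["scope"] = scope
    return Request(BASE + path, headers=headers, method="GET")


def grants_needed(methods):
    """Smallest set of grant values covering the REST methods a client uses."""
    return {GRANT_FOR_METHOD[m.upper()] for m in methods}


def authorized_request(method, path, token, grants):
    """Build a ContextStore REST request that carries the bearer token."""
    needed = GRANT_FOR_METHOD[method.upper()]
    if needed not in grants:
        raise PermissionError(f"{method} needs the '{needed}' grant")
    # Header value: the word bearer, then the token ("Authorization" is assumed).
    return Request(BASE + path, headers={"Authorization": "bearer " + token},
                   method=method.upper())
```

`grants_needed` is useful when assigning permissions to an authorization client: a client that only issues GET and POST calls needs only the read and create grants.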