Configuring an Identity Injection Policy for OAuth Claims

You must configure an Identity Injection policy if you want to send claim details to the resource server. Claims can include user attributes or permissions.

Perform the following steps to configure an Identity Injection policy for scopes:

  1. Click Devices > Access Gateway > Edit > [Reverse Proxy name] > [Proxy Service name].

  2. Select the Protected Resources tab.

  3. Click the protected resource for which you want to configure an Identity Injection policy.

  4. Select the Identity Injection tab.

  5. Click Manage Policies > New.

  6. Specify a name for the policy and select Access Gateway: Identity Injection for the type of policy.

  7. Click OK.

  8. Specify the following details:

    Field         Action

    Description   Specify the purpose of this policy.

    Priority      Specify the sequence in which you want to apply the rule in the policy, if the policy has multiple rules. The highest priority is 1 and the lowest priority is 10.

    Action        Click New, then select one of the following:

    • Inject into Authentication Header: Inserts the user name and password into the header. Select OAuth Claims under user name and then select a claim.

    • Inject into Custom Header: Inserts custom names into the custom header. Select OAuth Claims under Value and then select a claim.

    • Inject into Custom Header with Tags: Inserts custom tags with name/value content into the custom header. Select OAuth Claims under Tag Value and then select a claim.

    • Inject into Query String: Inserts a query string into the URL for the page. Select OAuth Claims under Tag Value and then select a claim.

    • Inject Kerberos Ticket: Inserts authentication values from the Kerberos ticket into the custom header. Select OAuth Claims under Value and then select a claim.

  9. Click OK > OK.

  10. Select the policy you created and click Apply Changes > Close.

  11. The Identity Injection page of the protected resource opens.

  12. Select the Identity Injection policy and click Enable > OK.
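
Added example, not part of the product documentation: one way a resource server might consume a claim sent by an Inject into Custom Header action, honoring it only when the request arrives from the Access Gateway. The header name X-OAuth-Scope, the gateway address 10.0.0.5, the scope name orders.read and the space-separated claim format are assumptions made for this sketch.

```python
import ipaddress

# Assumptions for this sketch (none of these values come from the product docs):
GATEWAY_ADDRS = {ipaddress.ip_address("10.0.0.5")}  # hypothetical Access Gateway address
CLAIM_HEADER = "HTTP_X_OAUTH_SCOPE"  # WSGI key for a hypothetical X-OAuth-Scope header


def injected_scopes(environ):
    """Return scopes injected by the gateway; empty set for any other sender."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return frozenset()
    if peer not in GATEWAY_ADDRS:
        # A client that reaches the server directly can set any header it likes.
        return frozenset()
    raw = environ.get(CLAIM_HEADER, "")
    if "," in raw:
        # Repeated header fields are combined with commas (RFC 7230, 3.2.2).
        # This sketch assumes the gateway sends exactly one, so fail closed.
        return frozenset()
    return frozenset(raw.split())


def require_scope(app, needed):
    """WSGI middleware: answer 403 unless the needed scope was injected."""
    def wrapper(environ, start_response):
        if needed not in injected_scopes(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"missing scope\n"]
        return app(environ, start_response)
    return wrapper


def resource(environ, start_response):
    """Stand-in protected resource."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"order list\n"]


guarded = require_scope(resource, "orders.read")


def status_for(remote_addr, header_value):
    """Run one constructed request through the middleware; return its status."""
    seen = []
    environ = {"REMOTE_ADDR": remote_addr, CLAIM_HEADER: header_value}
    guarded(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

The address check stands in for whatever mechanism restricts the resource server to gateway traffic, such as a firewall rule or mutual TLS between the gateway and the server.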