Angular - Java Sample App

CyberArk Identity API capabilities demonstration with Angular front-end and Java Spring-Boot

This sample application showcases the capabilities of the CyberArk Identity APIs and widgets, and includes an OAuth and OpenID Connect playground with all possible grant flows. The app uses a Java Spring backend and an Angular JS frontend.

Angular - Java Sample App Code Base (GitHub)

As part of the sample app, we have created https://identitydemo.acmeinc.com using a self-signed SSL certificate and a local hosts (DNS) mapping, which only works on the respective PC/server.

CyberArk Identity Tenant Configuration

If you don't have an existing CyberArk tenant, you can try a free trial tenant here.

Create a Role

  • To create a role, refer here.
  • Ensure that the User Management and Role Management rights are added to the role under the Administrative Rights section.

Setup an Authentication Profile

  • Set up an authentication profile and add it to the policy under the Authentication Policies section. For more details on authentication profiles, visit here.

Create a Policy

  • To create a policy, refer here.
  • Ensure that the role created above is added to the policy.

Setup an OAuth Client Application

This OAuth app is used to send requests to the Signup API using the bearer token generated for a service user, and in the OAuth user-interactive and machine-to-machine flows.

Steps to configure the OAuth Client app from the admin portal:

  • Navigate to the CyberArk Admin portal and click Web Apps under the Apps section.
  • Click “Add Web Apps”, navigate to the Custom section and add the OAuth2 Client app.
  • Open the OAuth2 Client app created in the step above.
  • In the Settings section, add any ID of your choice for the Application ID.
  • In General Usage, select Confidential as the Client ID Type.
  • Add the "Redirect destinations" based on your app configuration and "Save". For the sample app, add the redirect destinations below.
    https://identitydemo.acmeinc.com:4200/RedirectResource
    https://identitydemo.acmeinc.com:8080/api/RedirectResource
  • Since the sample app demonstrates all the grant flows, select Auth Code, Implicit, Client Creds & Resource Owner as Auth Methods. Also select JwtRS256 as the Token type and save.
  • Add a name for Scope and add regex as shown below.
  • For more details on OAuth scope visit here.
  • Create a confidential client

    This client is required for client credentials grant flow.

    • Create a user and select the options under Status as shown below.
    • Add the new user to the role created above.
    • For more details on the confidential client, visit here.
  • Set up permissions for the OAuth 2.0 Client.
    • Add the role created above and give it the Run permission to generate tokens.
  • For more details on OAuth2 Client app creation, visit here.

Setup an OpenID Connect Application

  • Navigate to the CyberArk Admin portal and click Web Apps under the Apps section.
  • Click Add Web Apps, navigate to the Custom section and add the OpenID Connect app.
  • Open the OpenID Connect app created in the step above.
  • In the Settings section, add any ID of your choice for the Application ID.
  • Navigate to the Trust section.

    Enter a client secret (e.g. sample1234).

    • Add the Resource application URL for the sample app.
      https://identitydemo.acmeinc.com:4200/oidcflow
  • Add the Redirect destinations for the sample app.
    https://identitydemo.acmeinc.com:4200/RedirectResource

Change these URLs to match your app configuration.

  • Set up permissions for OpenID Connect.
    • Add the role created above and give it the Run permission to generate tokens.

For more details on OpenID Connect, visit here.

Specify Trusted DNS Domains for API Calls

  • Include the web app domain in Trusted DNS Domains for API Calls.
    • Navigate to Settings -> Authentication -> Security Settings -> API Security in the admin portal.
    • Add an entry under Trusted DNS Domains for API Calls.
      identitydemo.acmeinc.com

As part of the sample app, we have created https://identitydemo.acmeinc.com using a self-signed SSL certificate and a local hosts (DNS) mapping.
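
A pre-flight check for the redirect destinations and trusted DNS domain registered in the OAuth, OpenID Connect and API Security steps above. This is an added example, not code from the sample app or from CyberArk. It assumes redirect destinations are compared as exact strings; `check_redirect_uri`, `preflight` and `SAMPLE_CONFIG` are hypothetical names.

```python
from urllib.parse import urlsplit

# Values registered in the admin portal steps on this page.
REDIRECT_DESTINATIONS = {
    "https://identitydemo.acmeinc.com:4200/RedirectResource",
    "https://identitydemo.acmeinc.com:8080/api/RedirectResource",
}
TRUSTED_DNS_DOMAINS = {"identitydemo.acmeinc.com"}


def check_redirect_uri(uri, registered=REDIRECT_DESTINATIONS,
                       trusted=TRUSTED_DNS_DOMAINS):
    """Return a list of problems; an empty list means the URI is usable."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # The web app host has to be one of the trusted DNS domains.
    host = (parts.hostname or "").lower()
    if host not in trusted:
        problems.append(f"host {host!r} is not a trusted DNS domain")
    if parts.fragment or parts.username or parts.password:
        problems.append("URI carries a fragment or userinfo")
    # Assumption: exact string comparison, so the port, the path case
    # and a trailing slash all count as differences.
    if uri not in registered:
        problems.append("no exact match among registered redirect destinations")
    return problems


def preflight(app_config):
    """Check every redirect URI in an app config (hypothetical dict)."""
    return {name: check_redirect_uri(uri) for name, uri in app_config.items()}


# Constructed sample: what a mis-edited local configuration might contain.
SAMPLE_CONFIG = {
    "angular": "https://identitydemo.acmeinc.com:4200/RedirectResource",
    "spring": "https://identitydemo.acmeinc.com:8080/api/RedirectResource/",
    "plain_http": "http://identitydemo.acmeinc.com:4200/RedirectResource",
    "lookalike": "https://identitydemo.acmeinc.com.example.test:4200/RedirectResource",
}

if __name__ == "__main__":
    for name, problems in preflight(SAMPLE_CONFIG).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

When you change the sample URLs for your own deployment, update the two constants to the values you registered in the admin portal.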