Skip to content
|
You are browsing the Kong Gateway documentation archive. This documentation is no longer actively maintained.
See the latest Kong Gateway documentation.
Kong Gateway Enterprise [ARCHIVE]
2.1.x

PermalinkEnable Application Registration

PermalinkIntroduction

Applications allow registered developers on Kong Developer Portal to authenticate with OAuth2 against a Service on Kong. Either Kong or an external identity provider admins can selectively admit access to Services using Kong Manager.

PermalinkPrerequisites

  • Kong Gateway is installed, version 2.1.0.0 or newer.
  • Developer Portal is enabled on the same Workspace as the Service.
  • The Service is created and enabled with HTTPS.
  • Authentication is enabled on the Developer Portal.
  • Logged in as an admin with read and write roles on applications, services, and developers.
  • The portal_app_auth configuration option is configured for your OAuth provider and strategy (kong-oauth2 or external-oauth2). See Configure the Authorization Provider Strategy for the Portal Application Registration plugin.
  • Authorization provider configured if using a supported third-party identity provider with the OIDC plugin:
    • For example instructions using Okta as an identity provider, refer to the Okta example.
    • For example instructions using Azure AD as an identity provider, refer to the Azure example.

PermalinkEnable Application Registration on a Service using Kong Manager

To use Application Registration on a Service, the Portal Application Registration Plugin must be enabled on a Service.

In Kong Manager, access the Service for which you want to enable Application Registration:

  1. From your Workspace, in the left navigation pane, go to API Gateway > Services.
  2. On the Services page, select the Service and click View.
  3. In the Plugins pane in the Services page, click Add a Plugin.

  4. On the Add New Plugin page in the Authentication section, find the Portal Application Registration Plugin and click Enable.

    Portal Application Registration

  5. Enter the configuration settings. Use the parameters in the next section, Application Registration Configuration Parameters, to complete the fields.

    Create application-registration plugin

  6. Click Create.

PermalinkApplication Registration Configuration Parameters

PermalinkService

Required

Select the Service that this plugin configuration will target.

PermalinkTags

An optional set of strings for grouping and filtering, separated by commas.

PermalinkAuto Approve

Default: false

If enabled, all new Service contract requests are automatically approved. Otherwise, Dev Portal admins must manually approve requests.

PermalinkDescription

Default: none

Unique description displayed in the information about a Service in the Developer Portal.

PermalinkDisplay Name

Required

Unique display name used for a Service in the Developer Portal.

PermalinkShow issuer

Default: false

Displays the Issuer URL in the Service Details. Note: Exposing the Issuer URL is essential for the Authorization Code Flow workflow configured for third-party identity providers.

Issuer URL

PermalinkNext steps

  • If using the Kong-managed authorization strategy (kong-oauth2), configure the OAuth2 plugin. You can use the Kong Manager GUI or cURL commands as documented on the Plugin Hub. The OAuth2 plugin cannot be used in hybrid mode.
  • If using the third-party authorization strategy (external-oauth2), configure the OIDC plugin. You can use the Kong Manager GUI or cURL commands as documented on the Plugin Hub. When your deployment is hybrid mode, the OIDC plugin must be configured to handle authentication for the Portal Application Registration plugin.