Leveraging federation capabilities of identity server for api gateway
Transcript of Leveraging federation capabilities of identity server for api gateway
![Page 1: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/1.jpg)
Leveraging Federation Capabilities of Identity Server for API Gateway
Pushpalanka Jayawardhana, Software Engineer
Last Updated: July 2, 2014
![Page 2: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/2.jpg)
About the Presenter
๏ Pushpalanka Jayawardhana - Software Engineer
email: [email protected]
Pushpalanka is a member of the WSO2 Identity Server team, focusing on security and integration. In addition to development work, she has been involved in several consulting customer engagements, providing solutions for various requirements in different domains.
![Page 3: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/3.jpg)
About WSO2
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API Management solution in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
![Page 4: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/4.jpg)
What WSO2 delivers
![Page 5: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/5.jpg)
Outline
๏ Scenario
๏ Deployment - IS as Key Manager for API Gateway
๏ Configuration Steps
๏ Federation Capabilities of IS 5.0.0
๏ Deployment - Extend to use an Existing IAM (Shibboleth IDP)
๏ Expandability
๏ Q&A
![Page 6: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/6.jpg)
Scenario
[Diagram labels: Web Apps; SAML SSO]
Shibboleth® is a registered trademark of Internet2®.
![Page 7: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/7.jpg)
Scenario
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager; SAML SSO]
![Page 8: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/8.jpg)
Scenario
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
![Page 9: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/9.jpg)
Scenario
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
![Page 10: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/10.jpg)
Deployment - IS as Key Manager for API Gateway
![Page 11: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/11.jpg)
Configuration Steps
Create the databases:
๏ WSO2REG_DB: keeps the registry information
- use <IS_HOME>/dbscripts/<database_type>.sql
๏ WSO2UM_DB: stores permissions and the internal roles
- use <IS_HOME>/dbscripts/<database_type>.sql
๏ WSO2AM_DB: keeps the identity data and API-related data
- use <APIM_HOME>/dbscripts/apimgt/<database_type>.sql and <IS_HOME>/dbscripts/identity/<database_type>.sql
![Page 12: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/12.jpg)
Configuration Steps Ctd
In Identity Server:
๏ Install the ‘key manager’ feature
๏ Copy api-manager.xml from API-M 1.7.0
- Configure it to point to the Gateway
- Configure JWT generation
๏ Add data sources in master-datasources.xml
๏ Copy registry.xml from API-M 1.7.0
- Do the registry mounts
- Add handler for XACML media type
๏ Point identity.xml to use datasource AM_DB
๏ Point user-mgt.xml to use datasource UM_DB
![Page 13: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/13.jpg)
Configuration Steps Ctd
In API Manager:
๏ Add data sources in master-datasources.xml
๏ Copy registry.xml from API-M 1.7.0
- Do the registry mounts
๏ Point user-mgt.xml to use datasource UM_DB
๏ In api-manager.xml
- Configure AuthManager and APIKey Manager
- Point available default APIs to use IS endpoints
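A consistency check for the configuration steps above, added here as an example and not taken from the slides or from WSO2: it compares the JDBC URL that the Identity Server and the API Manager each define for the three databases, so a node left on a local database is caught before tokens are issued against one store and validated against another. The XML layout, host name and URLs are constructed assumptions, as is the expectation that both nodes define all three data sources.

```python
import xml.etree.ElementTree as ET

# The three databases named in the configuration steps above.
REQUIRED = ("WSO2REG_DB", "WSO2UM_DB", "WSO2AM_DB")

def sample_config(urls):
    """Build a constructed datasources document from a name -> JDBC URL map.
    The element layout is an assumption, not copied from a real install."""
    items = "".join(
        f"<datasource><name>{name}</name>"
        f"<jndiConfig><name>jdbc/{name}</name></jndiConfig>"
        f"<definition type='RDBMS'><configuration><url>{url}</url>"
        f"</configuration></definition></datasource>"
        for name, url in urls.items())
    return ("<datasources-configuration><datasources>" + items +
            "</datasources></datasources-configuration>")

def datasource_urls(xml_text):
    """Map each datasource name to its JDBC URL."""
    root = ET.fromstring(xml_text)
    return {ds.findtext("name"): ds.findtext("definition/configuration/url")
            for ds in root.iter("datasource")}

def check_shared(is_xml, apim_xml):
    """Return a list of problems; an empty list means both nodes agree."""
    is_ds, am_ds = datasource_urls(is_xml), datasource_urls(apim_xml)
    problems = []
    for name in REQUIRED:
        a, b = is_ds.get(name), am_ds.get(name)
        if a is None:
            problems.append(f"{name}: missing in Identity Server")
        if b is None:
            problems.append(f"{name}: missing in API Manager")
        if a and b and a != b:
            problems.append(f"{name}: URL differs ({a} vs {b})")
    return problems

if __name__ == "__main__":
    good = {n: f"jdbc:mysql://db.example.internal:3306/{n.lower()}" for n in REQUIRED}
    # Constructed drift: API Manager still on a local DB for users, AM_DB absent.
    drift = dict(good, WSO2UM_DB="jdbc:h2:repository/database/local_um")
    del drift["WSO2AM_DB"]
    for line in check_shared(sample_config(good), sample_config(drift)):
        print(line)
```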
![Page 14: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/14.jpg)
Scenario
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
![Page 15: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/15.jpg)
Federation Capabilities of IS
๏ Federation between multiple heterogeneous identity providers
๏ SSO between heterogeneous standards/protocols
๏ Out-of-the-box integration with Google Apps and Salesforce
๏ Home realm discovery - deriving the user's home IDP from the request
![Page 16: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/16.jpg)
Scenario
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
![Page 17: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/17.jpg)
Delegate Authentication to Shibboleth
๏ Configure Shibboleth IDP as an IDP in Identity Server
๏ Configure the default SP to use the IDP configured above
![Page 18: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/18.jpg)
Expandability of Solution
SSO between heterogeneous standards/protocols
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0; OpenID; Salesforce; Liferay; Google Apps; Drupal]
![Page 19: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/19.jpg)
Expandability of Solution
Federation between multiple heterogeneous identity providers
[Diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0; OpenID; Google Apps; Facebook; Custom]
![Page 20: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/20.jpg)
More Information
๏ Download WSO2 Identity Server (latest version 5.0.0) from http://wso2.com/products/identity-server
๏ Download WSO2 API Manager (latest version 1.7.0) from http://wso2.com/products/api-manager/
๏ Set up Identity Server 5.0.0 as Key Manager for API Manager 5.0.0 - https://docs.wso2.com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the+Key+Manager
๏ Identity Server 5.0.0 documentation - https://docs.wso2.com/display/IS500/WSO2+Identity+Server+Documentation
๏ Configure Shibboleth with WSO2 products - http://dulanja.blogspot.com/2013/09/saml2-sso-to-wso2-420-carbon-products.html
๏ Enterprise Directory of APIs and Service Bus (University of Michigan use case) - https://spaces.internet2.edu/display/itana/University+of+Michigan
![Page 21: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/21.jpg)
Business Model
![Page 22: Leveraging federation capabilities of identity server for api gateway](https://reader034.fdocuments.in/reader034/viewer/2022042606/54b6d7444a7959703e8b46aa/html5/thumbnails/22.jpg)
Contact us !