On Mon, Feb 23, 2015 at 5:43 PM, Ranga Siriwardena <[email protected]> wrote:
> Hi All,
>
> During the API Manager Key Manager separation, we identified that we will
> need to authenticate to identity components as the signed-in user instead of the
> admin user which is pre-configured in the api-manager configuration.
>
> For example, let's say we have two users called subscriber1 and
> subscriber2. When creating OAuth Applications we have to call the OAuth Admin
> Service as the particular user so that this user can retrieve his/her
> applications only. For this purpose we are facing two issues.
>
> 1) User has to sign in to Identity side admin services with basic
> authentication (using username and password). But the password is not available
> in the API store for this requirement.
>
> 2) User has to have permissions defined for the particular admin service. In
> this case the user needs to have "/permission/admin/manage" permission to access
> the OAuth Admin Service.
>
> As a solution for the first issue we can use mutual-auth, so that the identity
> server (Key Manager) can trust the API store when accessing admin services.

How does mutual-auth solve this problem? Say 'ranga' logs into the Store, how does the Store ask the admin service to fetch ranga's OAuth apps only?

> For the second problem, one option we identified is changing the permission
> required for the OAuth Admin Service. So from the API Manager side we can give that
> required permission to API store users (users who have the subscriber role). For
> this we will need to patch the IS component to achieve this requirement.
>
> Please let us know if you have any concerns/thoughts about this.
>
> Thank You.
> Ranga.
>
> --
> Ranga Siriwardena
> Software Engineer
> WSO2 Inc.

--
Nuwan Dias
Associate Tech Lead - WSO2, Inc.
http://wso2.com
email : [email protected]
Phone : +94 777 775 729
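The point raised in the reply above, as an added illustration that is not part of the thread and not WSO2 code: mutual TLS authenticates the calling system (the Store), not the end user, so the admin service still needs an asserted user identity, and must honour it only from a caller whose client certificate it trusts. The application data, the trusted-subsystem name "api-store" and the `Caller` shape are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample data: OAuth applications owned by two Store users.
OAUTH_APPS = {
    "subscriber1": ["app-s1-mobile"],
    "subscriber2": ["app-s2-web", "app-s2-batch"],
}

# Hypothetical trust store: CNs of client certificates the Key Manager
# accepts over mutual TLS (constructed for this example).
TRUSTED_SUBSYSTEMS = {"api-store"}


@dataclass
class Caller:
    """What the admin service knows about a request.

    cert_cn    - CN of the verified client certificate (None if no cert),
                 i.e. which *system* is calling; established by mutual TLS.
    acting_for - the Store user the caller claims to act for; mutual TLS
                 says nothing about this, so it must be carried separately
                 (e.g. in a request header or SOAP header).
    """
    cert_cn: Optional[str]
    acting_for: Optional[str]


def get_oauth_apps(caller: Caller) -> List[str]:
    """Return only the applications of the user the call is made for.

    The asserted user is honoured only when the caller is a trusted
    subsystem; an untrusted caller could otherwise name any user and read
    that user's applications, so this check is the one that matters.
    """
    if caller.cert_cn not in TRUSTED_SUBSYSTEMS:
        raise PermissionError("client certificate not trusted")
    if not caller.acting_for:
        raise PermissionError("no end-user identity asserted")
    return list(OAUTH_APPS.get(caller.acting_for, []))


def is_denied(caller: Caller) -> bool:
    """True when the admin service rejects the call (helper for checks)."""
    try:
        get_oauth_apps(caller)
    except PermissionError:
        return True
    return False
```

The Store must also log which user each forwarded call was made for, since the Key Manager sees only the Store's certificate.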
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
