Hi all,

The above REST APIs are secured with username/password login. But there are scenarios where the client (AF or any other server) does not have the password of the user to log in and invoke these APIs. One mechanism introduced was to make use of the SAML token of the logged-in user of AF (another server) to authenticate to the REST APIs and invoke them.

We recently faced another issue with the above SAML token based login approach when testing the REST APIs with curl, HTTP clients, etc., because we do not have the password of the user or the SAML token of the user. So we need to allow clients to choose different authentication mechanisms based on different requirements. One such requirement is to authenticate on behalf of another user (say, on behalf of the user currently logged in to one server). To meet this requirement, we need to introduce a new login method, similar to login(username, password) and loginWithSAMLToken(token), such as loginWithSignedJWTToken(token), etc.

Do we have another authentication mechanism implemented for REST APIs, similar to Carbon authenticators? As a quick fix, we can include the above method and get it done, but we need to come up with a proper authentication mechanism where we can configure multiple authentication options, etc., for REST APIs.

WDYT?

Thank you.

--
Manjula Rathnayaka
Associate Technical Lead
WSO2, Inc.
Mobile:+94 77 743 1987
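The configurable, multi-option authentication asked about in the message above, sketched as an added example that is not part of the original message and is not WSO2 code. All class and function names are hypothetical; it assumes the mechanism is selected by the Authorization header scheme and that the trusted server signs an HS256 JWT with a shared key (a SAML authenticator would plug into the same interface).

```python
import base64, hashlib, hmac, json, time

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

class BasicAuthenticator:
    """login(username, password) carried in an HTTP Basic header."""
    def __init__(self, users):
        self.users = users  # constructed demo store; a real store keeps salted hashes
    def can_handle(self, header):
        return header.startswith("Basic ")
    def authenticate(self, header):
        try:
            user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
        except ValueError:
            return None
        stored = self.users.get(user)
        ok = stored is not None and hmac.compare_digest(stored.encode(), pw.encode())
        return user if ok else None

class SignedJWTAuthenticator:
    """On-behalf-of login: a trusted server signs a JWT naming the user (assumed HS256)."""
    def __init__(self, key, issuer):
        self.key, self.issuer = key, issuer
    def can_handle(self, header):
        return header.startswith("Bearer ")
    def authenticate(self, header):
        try:
            h, p, sig = header[7:].split(".")
            if json.loads(b64u_dec(h)).get("alg") != "HS256":
                return None  # pin the algorithm; never accept "none" or a caller-chosen alg
            mac = hmac.new(self.key, f"{h}.{p}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(mac, b64u_dec(sig)):
                return None  # signature checked before any claim is read
            claims = json.loads(b64u_dec(p))
            fresh = claims["exp"] > time.time()
        except (ValueError, KeyError, TypeError, AttributeError):
            return None
        return claims.get("sub") if fresh and claims.get("iss") == self.issuer else None

def authenticate(header, authenticators):
    for a in authenticators:  # configured order; the first that claims the header decides
        if a.can_handle(header or ""):
            return a.authenticate(header)
    return None  # no configured mechanism matched: reject

def issue_jwt(key, claims, alg="HS256"):  # the trusted server's side, for constructed tokens
    h = b64u_enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p = b64u_enc(json.dumps(claims).encode())
    return f"{h}.{p}." + b64u_enc(hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest())
```

A request with a missing or unrecognised Authorization scheme is rejected rather than passed to a default authenticator, so adding or removing a mechanism is only a change to the configured list.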
