Hi all,

We currently use the AuthenticationAdmin service to authenticate a user given the username and password (Basic Authentication). The next step is to validate whether the scopes bound to a resource match the user roles. In this case, we might have to access the Key Manager several times, as mentioned below.

1) Validate the user based on username and password
2) Check whether the resource has a scope and, if so, request the scopes
3) Request the user roles if scopes are bound to the resource

We thought we could minimize the performance degradation caused by multiple requests to the Key Manager as below.

*Solution:*

When a user publishes an API, the scopes bound to the API should be added to the Synapse config. Then, at runtime, we can read the Synapse configuration of the API to check whether the resource has a scope bound and, if so, what the scopes are, without calling the Key Manager.

I would really appreciate any feedback. Thank you.

Best regards,
Chamod.

On Sat, Feb 16, 2019 at 9:10 PM Chamod Samarajeewa <[email protected]> wrote:
> Hi Harsha,
>
> Yes, the user can expose the API with either OAuth, Basic auth or even both with this implementation. Thank you.
>
> Best Regards,
> Chamod.
>
> On Fri, Feb 15, 2019 at 9:34 PM Harsha Kumara <[email protected]> wrote:
>> Hi Chamod,
>>
>> Can the user choose to expose the API with either OAuth or Basic authentication with this implementation?
>>
>> We need to provide basic authentication against the user store configured in the key manager, because most of the time the gateway won't share user stores. Please add the local user store authentication support as well. We need to look for a possible caching mechanism for this.
>>
>> Since we do have mutual authentication as a security scheme, check the best way of providing the basic authentication.
>>
>> Thanks,
>> Harsha
>>
>> On Fri, Feb 15, 2019 at 9:07 PM Chamod Samarajeewa <[email protected]> wrote:
>>> Adding [email protected]
>>>
>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <[email protected]> wrote:
>>>> Hi Chamod,
>>>>
>>>> Can the user choose to expose the API with either OAuth or Basic authentication with this implementation?
>>>>
>>>> We need to provide basic authentication against the user store configured in the key manager, because most of the time the gateway won't share user stores. Please add the local user store authentication support as well. We need to look for a possible caching mechanism for this.
>>>>
>>>> Since we do have mutual authentication as a security scheme, check the best way of providing the basic authentication.
>>>>
>>>> Thanks,
>>>> Harsha
>>>>
>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>> Adding [email protected].
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Nuwan Dias <[email protected]>
>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>> To: Chamod Samarajeewa <[email protected]>
>>>>> Cc: Architecture Team <[email protected]>, APIM Team <[email protected]>
>>>>>
>>>>> Chamod, this email should be sent to [email protected].
>>>>>
>>>>> Thanks,
>>>>> NuwanD.
>>>>>
>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> I have included the information in the Github issue here as well.
>>>>>>
>>>>>> *Requirements*
>>>>>>
>>>>>> Provide authentication for the APIM Gateway with basic authentication, which uses usernames and passwords.
>>>>>>
>>>>>> *Introduction*
>>>>>>
>>>>>> Providing the feature of enabling the basic authentication security scheme for the APIM Gateway product along with OAuth2 token-based authentication. The user will benefit from being able to use OAuth2 token-based authentication alone, basic authentication alone, or both schemes at the same time.
>>>>>>
>>>>>> *Approach*
>>>>>>
>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>
>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>
>>>>>> The API Authentication Handler will forward the request to the Basic Auth Authenticator or the OAuth Authenticator based on the Authorization header of the request.
>>>>>>
>>>>>> Thank you. Regards.
>>>>>>
>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I'm working on developing a new feature for the APIM Gateway to provide Basic Authentication support. You can find the details in the following Github issue [1].
>>>>>>>
>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Chamod.
>>>>>>>
>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>> --
>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>> (m) +94710397382 | Email: [email protected]
>>>>>>> GET INTEGRATION AGILE
>>>>>>> Integration Agility for Digitally Driven Business
>>>>>
>>>>> --
>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>> (m) +94 777 775 729 | (e) [email protected]
>>>>
>>>> --
>>>> *Harsha Kumara*
>>>> Associate Technical Lead, WSO2 Inc.
>>>> Mobile: +94775505618
>>>> Email: [email protected]
>>>> Blog: harshcreationz.blogspot.com
>>>> GET INTEGRATION AGILE
>>>> Integration Agility for Digitally Driven Business

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
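The handler dispatch (Basic vs. OAuth by Authorization header) and the scope check against locally published scopes that the thread proposes, as an added illustrative model in Python; this is not code from WSO2 carbon-apimgt or the Synapse handler, and the config dict, the KeyManager stand-in, its user records and the scope-to-role bindings are all constructed assumptions.

```python
import base64
import hmac
# Constructed stand-in for what the proposal stores in the API's Synapse config at publish
# time: (resource path, verb) -> bound scopes, and scope -> roles. Not the real format.
API_SCOPE_CONFIG = {
    ("/pizzashack/1.0.0/menu", "GET"): [],  # no scope bound
    ("/pizzashack/1.0.0/order", "POST"): ["pizzashack:order_write"],
}
SCOPE_ROLES = {"pizzashack:order_write": ["manager", "admin"]}

class KeyManager:
    # Constructed Key Manager stand-in with a made-up user store; counts remote calls.
    def __init__(self):
        self.calls = 0
        self._users = {"alice": ("s3cret", ["customer"]), "bob": ("hunter2", ["manager"])}
    def authenticate(self, user, password):
        self.calls += 1
        rec = self._users.get(user)
        return rec is not None and hmac.compare_digest(rec[0], password)
    def roles(self, user):
        self.calls += 1
        return self._users.get(user, (None, []))[1]

def parse_basic(header):
    # (user, password) from a "Basic <b64>" header, or None when it is not Basic auth.
    scheme, _, cred = header.partition(" ")
    if scheme.lower() != "basic" or not cred:
        return None
    try:
        user, _, pw = base64.b64decode(cred, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return (user, pw) if user else None

def authorize(km, header, path, verb):
    # Handler: Basic auth goes to the Key Manager, the scope lookup stays local to the gateway.
    if header.split(" ", 1)[0].lower() != "basic":
        return "oauth"  # not Basic: hand the request to the OAuth authenticator
    creds = parse_basic(header)
    if creds is None:
        return "denied"  # Basic scheme but malformed credentials
    user, pw = creds
    if not km.authenticate(user, pw):
        return "denied"
    scopes = API_SCOPE_CONFIG.get((path, verb))
    if scopes is None:
        return "denied"  # resource not in this API's config
    if not scopes:
        return "ok"  # no scope bound, so no second Key Manager round-trip
    user_roles = set(km.roles(user))  # roles fetched only when a scope is bound
    return "ok" if any(user_roles & set(SCOPE_ROLES.get(s, [])) for s in scopes) else "denied"
```

The call counter makes the saving visible: a resource with no bound scope costs one Key Manager call (authentication only), and the role lookup happens only for resources that carry a scope.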
