@Chamod Samarajeewa <[email protected]> if we send username, password and resource to the KM, can't we get the required result from a single call to KM?
Agree with Nuwan that we can reduce a DB call at KM if we store scopes in synapse definition. Then we can send username, password and scope (instead of resource) to the KM.

On Thu, Feb 21, 2019 at 2:33 PM Nuwan Dias <[email protected]> wrote:

> Yes, if we can maintain the resources and their respective scopes at the
> synapse definition, we can avoid doing another call to KM (and the DB) at
> the point of token validation.
>
> Also Chamod I guess we will have to come up with a design of how to keep
> that information in the synapse XML.
>
> On Thu, Feb 21, 2019 at 2:27 PM Chamod Samarajeewa <[email protected]>
> wrote:
>
>> Hi all,
>>
>> We have currently used the AuthenticationAdmin service to authenticate a
>> user given the username and password (Basic Authentication). The next step
>> is to validate whether the scopes bound to a resource are matched with the
>> user roles. In this case, we might have to access the KeyManager several
>> times as mentioned below.
>>
>> 1) Validate user based on username and password
>> 2) To check whether the resource has a scope and if so request the scopes
>> 3) Request user roles if scopes are bound to the resource
>>
>> We thought we can minimize the performance degradation which can happen
>> due to multiple requests to the Key Manager as below.
>>
>> *Solution:*
>>
>> When a user publishes an API, the scopes bound to the API should be added
>> to the Synapse-config. Then, at the runtime we can read the synapse
>> configuration of API to check whether the resource has a scope bound and if
>> so what are the scopes without calling the Key Manager.
>>
>> I would really appreciate any feedback. Thank you.
>>
>> Best regards,
>> Chamod.
>>
>> On Sat, Feb 16, 2019 at 9:10 PM Chamod Samarajeewa <[email protected]>
>> wrote:
>>
>>> Hi Harsha,
>>>
>>> Yes, the user can expose API either OAuth, Basic auth or even both with
>>> this implementation. Thank you.
>>>
>>> Best Regards,
>>> Chamod.
>>>
>>> On Fri, Feb 15, 2019 at 9:34 PM Harsha Kumara <[email protected]> wrote:
>>>
>>>> Hi Chamod,
>>>>
>>>> Can user choose to expose API either OAuth or Basic authentication with
>>>> this implementation?
>>>>
>>>> We need to provide basic authentication against user store configured in
>>>> the key manager. Because most of the time, gateway won't share user
>>>> stores. Please add the local user store authentication support as well. We
>>>> need to look for possible caching mechanism for this.
>>>>
>>>> Since we do have mutual authentication as a security scheme, check the
>>>> best way of providing the basic authentication
>>>>
>>>> Thanks,
>>>> Harsha
>>>>
>>>> On Fri, Feb 15, 2019 at 9:07 PM Chamod Samarajeewa <[email protected]>
>>>> wrote:
>>>>
>>>>> Adding [email protected]
>>>>>
>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Chamod,
>>>>>>
>>>>>> Can user choose to expose API either OAuth or Basic authentication
>>>>>> with this implementation?
>>>>>>
>>>>>> We need to provide basic authentication against user store configured
>>>>>> in the key manager. Because most of the time, gateway won't share user
>>>>>> stores. Please add the local user store authentication support as well.
>>>>>> We need to look for possible caching mechanism for this.
>>>>>>
>>>>>> Since we do have mutual authentication as a security scheme, check
>>>>>> the best way of providing the basic authentication
>>>>>>
>>>>>> Thanks,
>>>>>> Harsha
>>>>>>
>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Adding [email protected].
>>>>>>>
>>>>>>> ---------- Forwarded message ---------
>>>>>>> From: Nuwan Dias <[email protected]>
>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>> To: Chamod Samarajeewa <[email protected]>
>>>>>>> Cc: Architecture Team <[email protected]>, APIM Team <[email protected]>
>>>>>>>
>>>>>>> Chamod, this email should be sent to [email protected].
>>>>>>>
>>>>>>> Thanks,
>>>>>>> NuwanD.
>>>>>>>
>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>
>>>>>>>> *Requirements*
>>>>>>>>
>>>>>>>> Provide authentication for APIM Gateway with basic authentication
>>>>>>>> which uses usernames and passwords.
>>>>>>>>
>>>>>>>> *Introduction*
>>>>>>>>
>>>>>>>> Providing feature of enabling basic authentication security schema
>>>>>>>> to product APIM Gateway along with OAuth2 token-based authentication.
>>>>>>>> The user will be benefited with using only OAuth2 token based
>>>>>>>> authentication alone, using basic authentication alone and using both
>>>>>>>> schemas at the same time.
>>>>>>>>
>>>>>>>> *Approach*
>>>>>>>>
>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>
>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>
>>>>>>>> The API Authentication Handler will forward the request to Basic
>>>>>>>> Auth Authenticator or OAuth Authenticator based on the authorization
>>>>>>>> header of the request.
>>>>>>>>
>>>>>>>> Thank you. Regards.
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> I'm working on developing a new feature for APIM Gateway to
>>>>>>>>> provide Basic Authentication support. You can find the details in the
>>>>>>>>> following Github issue [1].
>>>>>>>>>
>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Chamod.
>>>>>>>>>
>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>> --
>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>
>>>>>>> --
>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>> (m) +94 777 775 729 | (e) [email protected]
>>>>>>
>>>>>> --
>>>>>> *Harsha Kumara*
>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>> Mobile: +94775505618
>>>>>> Email: [email protected]
>>>>>> Blog: harshcreationz.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
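
The flow discussed in this thread, sketched as an added example (not WSO2 code and not from any of the participants): the handler picks an authenticator from the Authorization scheme, makes one Key Manager call that returns the user's roles, and reads the resource's scopes from data kept locally with the API definition. The names RESOURCE_SCOPES, SCOPE_ROLES, KM_USERS and km_authenticate, the sample users, the /order resource and the rule that every bound scope must be satisfied are assumptions made for illustration.

```python
import base64
import hmac

# Constructed data. RESOURCE_SCOPES stands in for scopes kept with the API's
# gateway (synapse) definition; SCOPE_ROLES and KM_USERS are hypothetical.
RESOURCE_SCOPES = {
    ("GET", "/pizzashack/1.0.0/menu"): [],
    ("POST", "/pizzashack/1.0.0/order"): ["order_write"],
}
SCOPE_ROLES = {"order_write": {"customer", "admin"}}
KM_USERS = {"alice": ("s3cret", {"customer"}), "bob": ("hunter2", {"viewer"})}

def km_authenticate(username, password):
    """Stand-in for the single Key Manager call: roles on success, else None."""
    stored, roles = KM_USERS.get(username, ("", None))
    same = hmac.compare_digest(stored.encode(), password.encode())
    return roles if same and roles is not None else None

def route(header):
    """Pick the authenticator from the Authorization scheme."""
    scheme = header.partition(" ")[0].lower()
    return {"basic": "basic", "bearer": "oauth"}.get(scheme)

def parse_basic(header):
    """Return (username, password), or None when the header is malformed."""
    try:
        raw = base64.b64decode(header.partition(" ")[2].strip(), validate=True)
        username, sep, password = raw.decode("utf-8").partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    # Split on the first colon only: passwords may contain ':'.
    return (username, password) if sep and username else None

def authorize(method, path, header):
    """HTTP status for a Basic-auth request, using one KM round trip."""
    creds = parse_basic(header) if route(header) == "basic" else None
    roles = km_authenticate(*creds) if creds else None
    if roles is None:
        return 401
    scopes = RESOURCE_SCOPES.get((method, path))  # local lookup, no KM call
    if scopes is None:
        return 404
    # Assumption: the user needs a role granted for every scope on the resource.
    # Unknown scopes map to no roles, so the check fails closed.
    granted = all(roles & SCOPE_ROLES.get(s, set()) for s in scopes)
    return 200 if granted else 403
```
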
