@Chamod Samarajeewa <[email protected]> can you share the current implementation details? In your basic authentication handler, I assume you are calling the token endpoint with a hard-coded consumer key and password. We should be able to support Johann's suggestion with Option 1.
On Fri, Mar 8, 2019 at 3:20 AM Harsha Kumara <[email protected]> wrote:

> Is your requirement to provide basic authentication via clientId and
> clientSecret? For the microgateway, it will be required to validate this
> by connecting to the key manager and bringing the throttling information,
> etc., which will require another API. Else, at the micro gateway it will
> be required to generate a token using clientId and secret and resume the
> flow.
>
> On Fri, Mar 8, 2019 at 2:28 AM Johann Nallathamby <[email protected]> wrote:
>
>> *[sending this mail again because the previous one wasn't copied to
>> [email protected] <[email protected]>]*
>>
>> Hi Nuwan, Hi Harsha, Hi Chamod,
>>
>> An additional thought here. Most of the time, customers who ask for basic
>> authentication support are the customers who need to support legacy
>> external applications, I believe; not so much the internal applications.
>> Because there can be many external parties, and they cannot ask all those
>> parties to change. For example, mobile apps that take username/password to
>> be changed to OAuth2.
>>
>> In those cases it could also be useful to track all these "clients";
>> meaning applying throttling and analytics. If we go with only
>> username/password I believe we can't get that capability, because our
>> throttling and analytics are coupled to the OAuth2 client_id. Hence, can we
>> provide the following improvements.
>>
>> 1. For clients who are willing to change the client side slightly, we can
>> use the following format:
>> *base64((base64(client_id:username)):base64(client_secret:password))*
>> I am assuming our client_id and client_secret don't contain ":"
>> (colons). There can be many ways of doing this. So it would be good if we
>> can provide an extension point to extract the client credentials.
>>
>> 2. For clients who are not willing to change the client side at all,
>> generate a blanket application from the gateway on first use of any such
>> legacy application, to capture all such clients under one internal
>> client_id, to apply analytics and throttling considering all those apps as
>> one. I suppose this will at least separate the non-trusted apps from
>> trusted apps, to minimize breaches.
>>
>> Thoughts?
>>
>> Regards,
>> Johann.
>>
>> On Tue, Mar 5, 2019 at 4:41 PM Chamod Samarajeewa <[email protected]> wrote:
>>
>>> ---------- Forwarded message ---------
>>> From: Chamod Samarajeewa <[email protected]>
>>> Date: Tue, Mar 5, 2019 at 4:35 PM
>>> Subject: Re: Basic Authentication for APIM Gateway
>>> To: Nadeesha Gamage <[email protected]>
>>> Cc: Harsha Kumara <[email protected]>, <[email protected]>, Nuwan Dias <[email protected]>, APIM Team <[email protected]>
>>>
>>> Hi Nadeesha,
>>>
>>>> How will this impact statistics? Will it be possible to get usage
>>>> statistics even if they use basic authentication?
>>>
>>> Yes, we can get the usage statistics using the username and the API.
>>>
>>>> I would also like to know when this feature would be available.
>>>
>>> Within the Q2 and Q3 time frame.
>>>
>>> Thank you. Best Regards.
>>> Chamod.
>>>
>>> On Tue, Mar 5, 2019 at 3:32 PM Nadeesha Gamage <[email protected]> wrote:
>>>
>>>> Hi Chamod,
>>>> I would also like to know when this feature would be available.
>>>>
>>>> Nadeesha
>>>>
>>>> On Tue, Mar 5, 2019 at 3:30 PM Nadeesha Gamage <[email protected]> wrote:
>>>>
>>>>> Hi Chamod,
>>>>> How will this impact statistics? Will it be possible to get usage
>>>>> statistics even if they use basic authentication?
>>>>>
>>>>> Nadeesha
>>>>>
>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <[email protected]> wrote:
>>>>>
>>>>>> Hi Chamod,
>>>>>>
>>>>>> Can the user choose to expose an API with either OAuth or Basic
>>>>>> authentication with this implementation?
>>>>>>
>>>>>> We need to provide basic authentication against the user store configured
>>>>>> in the key manager, because most of the time the gateway won't share user
>>>>>> stores. Please add the local user store authentication support as well. We
>>>>>> need to look for a possible caching mechanism for this.
>>>>>>
>>>>>> Since we do have mutual authentication as a security scheme, check
>>>>>> the best way of providing the basic authentication.
>>>>>>
>>>>>> Thanks,
>>>>>> Harsha
>>>>>>
>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>
>>>>>>> Adding [email protected].
>>>>>>>
>>>>>>> ---------- Forwarded message ---------
>>>>>>> From: Nuwan Dias <[email protected]>
>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>> To: Chamod Samarajeewa <[email protected]>
>>>>>>> Cc: Architecture Team <[email protected]>, APIM Team <[email protected]>
>>>>>>>
>>>>>>> Chamod, this email should be sent to [email protected].
>>>>>>>
>>>>>>> Thanks,
>>>>>>> NuwanD.
>>>>>>>
>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>
>>>>>>>> *Requirements*
>>>>>>>>
>>>>>>>> Provide authentication for APIM Gateway with basic authentication,
>>>>>>>> which uses usernames and passwords.
>>>>>>>>
>>>>>>>> *Introduction*
>>>>>>>>
>>>>>>>> Providing the feature of enabling the basic authentication security
>>>>>>>> scheme for the product APIM Gateway along with OAuth2 token-based
>>>>>>>> authentication. The user will benefit from using OAuth2 token-based
>>>>>>>> authentication alone, using basic authentication alone, or using both
>>>>>>>> schemes at the same time.
>>>>>>>>
>>>>>>>> *Approach*
>>>>>>>>
>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>
>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>
>>>>>>>> The API Authentication Handler will forward the request to the Basic
>>>>>>>> Auth Authenticator or the OAuth Authenticator based on the authorization
>>>>>>>> header of the request.
>>>>>>>>
>>>>>>>> Thank you. Regards.
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> I'm working on developing a new feature for APIM Gateway to
>>>>>>>>> provide Basic Authentication support. You can find the details in the
>>>>>>>>> following Github issue [1].
>>>>>>>>>
>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Chamod.
>>>>>>>>>
>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>> --
>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>
>>>>>>>> --
>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>>>>>>> GET INTEGRATION AGILE
>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>
>>>>>>> --
>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>> (m) +94 777 775 729 | (e) [email protected]
>>>>>>>
>>>>>>> --
>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>>>>>> GET INTEGRATION AGILE
>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>
>>>>>> --
>>>>>> *Harsha Kumara*
>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>> Mobile: +94775505618
>>>>>> Email: [email protected]
>>>>>> Blog: harshcreationz.blogspot.com
>>>>>> GET INTEGRATION AGILE
>>>>>> Integration Agility for Digitally Driven Business
>>>>>
>>>>> --
>>>>> Nadeesha Gamage
>>>>> Senior Lead Solutions Engineer
>>>>> T : +94 77 394 5706
>>>>> B : https://nadeesha678.wordpress.com/
>>>>
>>>> --
>>>> Nadeesha Gamage
>>>> Senior Lead Solutions Engineer
>>>> T : +94 77 394 5706
>>>> B : https://nadeesha678.wordpress.com/
>>>
>>> --
>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>> GET INTEGRATION AGILE
>>> Integration Agility for Digitally Driven Business
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc.
>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]
>
> --
> *Harsha Kumara*
> Associate Technical Lead, WSO2 Inc.
> Mobile: +94775505618
> Email: [email protected]
> Blog: harshcreationz.blogspot.com
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business

--
*Harsha Kumara*
Associate Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: [email protected]
Blog: harshcreationz.blogspot.com
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
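The two mechanisms discussed in the thread, the authentication handler that routes on the Authorization scheme and Johann's nested format base64((base64(client_id:username)):base64(client_secret:password)), as an added worked example. This is illustrative code written for this page, not code from the thread or from the WSO2 gateway. It assumes the raw Authorization header value as input, models Johann's "extension point" as a tuple of extractor callables tried in order before falling back to plain RFC 7617 username:password, and uses made-up client and user values; function names are invented for the example.

```python
"""Route an Authorization header the way a gateway authentication handler
would (Basic vs Bearer) and, for Basic, pull out either plain
username:password or the nested client-credential format proposed in the
thread, so the client_id can feed throttling and analytics."""
import base64
import binascii
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class BasicCredentials:
    username: str
    password: str
    client_id: Optional[str] = None      # only set for the nested format
    client_secret: Optional[str] = None


def _b64(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def _unb64(s: str) -> str:
    # validate=True rejects characters outside the base64 alphabet, and bad
    # padding raises binascii.Error, so an ordinary username rarely "decodes".
    return base64.b64decode(s, validate=True).decode("utf-8")


def _split_first_colon(text: str) -> Tuple[str, str]:
    # RFC 7617: the user-id must not contain ':', the password may, so split
    # on the first colon only. The thread assumes the same for client_id and
    # client_secret.
    if ":" not in text:
        raise ValueError("credential pair lacks ':' separator")
    left, right = text.split(":", 1)
    if not left:
        raise ValueError("empty user-id / client-id")
    return left, right


def encode_nested(client_id: str, username: str,
                  client_secret: str, password: str) -> str:
    """Client side of the nested format:
    base64((base64(client_id:username)):base64(client_secret:password))"""
    if ":" in client_id or ":" in client_secret:
        raise ValueError("client_id and client_secret must not contain ':'")
    inner = _b64(f"{client_id}:{username}") + ":" + _b64(f"{client_secret}:{password}")
    return _b64(inner)


def extract_nested(decoded: str) -> Optional[BasicCredentials]:
    """Extractor for the nested format; None means 'not this format'."""
    try:
        left_b64, right_b64 = _split_first_colon(decoded)   # base64 has no ':'
        client_id, username = _split_first_colon(_unb64(left_b64))
        client_secret, password = _split_first_colon(_unb64(right_b64))
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    return BasicCredentials(username, password, client_id, client_secret)


def extract_plain(decoded: str) -> BasicCredentials:
    username, password = _split_first_colon(decoded)
    return BasicCredentials(username, password)


Extractor = Callable[[str], Optional[BasicCredentials]]


def parse_basic(b64_payload: str,
                extractors: Tuple[Extractor, ...] = (extract_nested,)) -> BasicCredentials:
    """Hypothetical extension point: each extractor gets the decoded payload;
    the first that recognises it wins, else plain username:password."""
    decoded = _unb64(b64_payload)       # binascii.Error on malformed base64
    for extractor in extractors:
        creds = extractor(decoded)
        if creds is not None:
            return creds
    return extract_plain(decoded)


def route_authorization(header: Optional[str]):
    """Return ("basic", BasicCredentials), ("bearer", token) or ("none", None),
    mirroring a handler that hands off to a Basic or OAuth authenticator."""
    if not header:
        return ("none", None)
    scheme, _, value = header.strip().partition(" ")
    value = value.strip()
    if scheme.lower() == "bearer" and value:
        return ("bearer", value)
    if scheme.lower() == "basic" and value:
        return ("basic", parse_basic(value))
    raise ValueError(f"unsupported or malformed Authorization scheme: {scheme!r}")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(route_authorization("Basic YWRtaW46YWRtaW4="))
    print(route_authorization("Basic " + encode_nested("app-1", "alice", "s3cret", "p:w")))
```

Trying the nested extractor first and falling back to plain credentials is a sniffing heuristic: a plain username that happens to be valid base64 and decodes to UTF-8 containing a colon would be misread. In a real deployment the format should be pinned per API (or signalled explicitly) rather than guessed, which is exactly what the extension point lets an operator do.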
