On Fri, Mar 8, 2019 at 3:56 AM Chamod Samarajeewa <[email protected]> wrote:
> Hi Harsha,
>
> In the current implementation, we are not calling a token endpoint. We directly validate basic auth credentials using RemoteUserStoreManager admin service. Therefore, no hardcoded consumer key and password is used.
> Are we caching the decision?
>
> Best Regards,
> Chamod.
>
> On Fri, Mar 8, 2019 at 2:18 PM Harsha Kumara <[email protected]> wrote:
>> @Chamod Samarajeewa <[email protected]> can you share current implementation details? In your basic authentication handler, I assume you are calling the token endpoint with a hard-coded consumer key and password. We should be able to support Johann's suggestion with Option 1.
>>
>> On Fri, Mar 8, 2019 at 3:20 AM Harsha Kumara <[email protected]> wrote:
>>> Is your requirement to provide basic authentication via clientId and clientSecret? For the microgateway, it will be required to validate this by connecting to the key manager and bringing the throttling information etc., which will require another API. Else at the micro gateway it will be required to generate a token using clientId and secret and resume the flow.
>>>
>>> On Fri, Mar 8, 2019 at 2:28 AM Johann Nallathamby <[email protected]> wrote:
>>>> *[sending this mail again because previous one wasn't copied to [email protected]]*
>>>>
>>>> Hi Nuwan, Hi Harsha, Hi Chamod,
>>>>
>>>> An additional thought here. Most of the time, customers who ask for basic authentication support are the customers who need to support legacy external applications, I believe; not so much the internal applications. Because there can be many external parties and they cannot ask all those parties to change. For example, mobile apps that take username/password to be changed to OAuth2.
>>>>
>>>> In those cases it could also be useful to track all these "clients", meaning applying throttling and analytics. If we go with only username/password I believe we can't get that capability, because our throttling and analytics are coupled to the OAuth2 client_id. Hence can we provide the following improvements?
>>>>
>>>> 1. For clients who are willing to change the client side slightly, we can use the following format: *base64((base64(client_id:username)):base64(client_secret:password))*. I am assuming our client_id and client_secret don't contain ":" (colons). There can be many ways of doing this. So it would be good if we can provide an extension point to extract the client credentials.
>>>>
>>>> 2. For clients who are not willing to change the client side at all, generate a blanket application from the gateway on first use of any such legacy application, to capture all such clients under one internal client_id, to apply analytics and throttling considering all those apps as one. I suppose this will at least separate the non-trusted apps from trusted apps, to minimize breaches.
>>>>
>>>> Thoughts?
>>>>
>>>> Regards,
>>>> Johann.
>>>>
>>>> On Tue, Mar 5, 2019 at 4:41 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>> ---------- Forwarded message ---------
>>>>> From: Chamod Samarajeewa <[email protected]>
>>>>> Date: Tue, Mar 5, 2019 at 4:35 PM
>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>> To: Nadeesha Gamage <[email protected]>
>>>>> Cc: Harsha Kumara <[email protected]>, <[email protected]>, Nuwan Dias <[email protected]>, APIM Team <[email protected]>
>>>>>
>>>>> Hi Nadeesha,
>>>>>
>>>>>> How will this impact statistics? Will it be possible to get usage statistics even if they use basic authentication?
>>>>>
>>>>> Yes, we can get the usage statistics using the username and the API.
>>>>>
>>>>>> I would also like to know when this feature would be available.
>>>>>
>>>>> Within the Q2 and Q3 time frame.
>>>>>
>>>>> Thank you. Best Regards.
>>>>> Chamod.
>>>>>
>>>>> On Tue, Mar 5, 2019 at 3:32 PM Nadeesha Gamage <[email protected]> wrote:
>>>>>> Hi Chamod,
>>>>>> I would also like to know when this feature would be available.
>>>>>>
>>>>>> Nadeesha
>>>>>>
>>>>>> On Tue, Mar 5, 2019 at 3:30 PM Nadeesha Gamage <[email protected]> wrote:
>>>>>>> Hi Chamod,
>>>>>>> How will this impact statistics? Will it be possible to get usage statistics even if they use basic authentication?
>>>>>>>
>>>>>>> Nadeesha
>>>>>>>
>>>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <[email protected]> wrote:
>>>>>>>> Hi Chamod,
>>>>>>>>
>>>>>>>> Can the user choose to expose an API with either OAuth or Basic authentication with this implementation?
>>>>>>>>
>>>>>>>> We need to provide basic authentication against the user store configured in the key manager, because most of the time the gateway won't share user stores. Please add the local user store authentication support as well. We need to look for a possible caching mechanism for this.
>>>>>>>>
>>>>>>>> Since we do have mutual authentication as a security scheme, check the best way of providing the basic authentication.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Harsha
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>> Adding [email protected].
>>>>>>>>>
>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>> From: Nuwan Dias <[email protected]>
>>>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>>>> To: Chamod Samarajeewa <[email protected]>
>>>>>>>>> Cc: Architecture Team <[email protected]>, APIM Team <[email protected]>
>>>>>>>>>
>>>>>>>>> Chamod, this email should be sent to [email protected].
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> NuwanD.
>>>>>>>>>
>>>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>>>
>>>>>>>>>> *Requirements*
>>>>>>>>>>
>>>>>>>>>> Provide authentication for APIM Gateway with basic authentication, which uses usernames and passwords.
>>>>>>>>>>
>>>>>>>>>> *Introduction*
>>>>>>>>>>
>>>>>>>>>> Provide the feature of enabling the basic authentication security scheme for the APIM Gateway product along with OAuth2 token-based authentication. The user will benefit from using OAuth2 token-based authentication alone, using basic authentication alone, or using both schemes at the same time.
>>>>>>>>>>
>>>>>>>>>> *Approach*
>>>>>>>>>>
>>>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>>>
>>>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>>>
>>>>>>>>>> The API Authentication Handler will forward the request to the Basic Auth Authenticator or the OAuth Authenticator based on the Authorization header of the request.
>>>>>>>>>>
>>>>>>>>>> Thank you. Regards.
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> I'm working on developing a new feature for APIM Gateway to provide Basic Authentication support. You can find the details in the following Github issue [1].
>>>>>>>>>>>
>>>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Chamod.
>>>>>>>>>>>
>>>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>>>> --
>>>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>>>> (m) +94710397382 | Email: [email protected]
>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>>>> (m) +94 777 775 729 | (e) [email protected]
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Harsha Kumara*
>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>> Mobile: +94775505618
>>>>>>>> Email: [email protected]
>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>> GET INTEGRATION AGILE
>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>
>>>>>>> --
>>>>>>> Nadeesha Gamage
>>>>>>> Senior Lead Solutions Engineer
>>>>>>> T : +94 77 394 5706
>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> [email protected]
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>> --
>>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect | WSO2 Inc.
>>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
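As an added illustration (not code from this thread or from carbon-apimgt), the Python below shows the two mechanisms the thread discusses together: the handler's dispatch on the Authorization scheme from Chamod's approach, and a credential extractor for Johann's option 1 nested-base64 format beside the plain RFC 7617 username:password form. Both parsers split at the first colon only, so the no-colon assumption is needed just for client_id and client_secret, not for usernames or passwords; the names `Credentials`, `extract`, `select_authenticator` and the authenticator labels are assumptions of this example.

```python
import base64
from dataclasses import dataclass
from typing import Callable, Optional
@dataclass
class Credentials:
    username: str
    password: str
    client_id: Optional[str] = None      # None for a plain username:password header
    client_secret: Optional[str] = None
def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()

def _unb64(s: str) -> str:
    # validate=True rejects characters outside the base64 alphabet instead of skipping them
    return base64.b64decode(s, validate=True).decode("utf-8")

def _split_once(s: str):
    left, sep, right = s.partition(":")
    if not sep:
        raise ValueError("expected 'left:right'")
    return left, right

def encode_nested(client_id: str, username: str, client_secret: str, password: str) -> str:
    # Johann's option 1: base64(base64(client_id:username):base64(client_secret:password))
    return _b64(_b64(f"{client_id}:{username}") + ":" + _b64(f"{client_secret}:{password}"))

def parse_plain(token: str) -> Credentials:
    # RFC 7617: the user-id cannot contain ':' but the password can, so split once only
    return Credentials(*_split_once(_unb64(token)))

def parse_nested(token: str) -> Credentials:
    # The base64 alphabet has no ':', so the outer split is unambiguous; the inner splits
    # rely on the thread's assumption that client_id and client_secret contain no ':'
    left, right = _split_once(_unb64(token))
    client_id, user = _split_once(_unb64(left))
    client_secret, pwd = _split_once(_unb64(right))
    return Credentials(user, pwd, client_id, client_secret)

def extract(token: str, extractor: Callable[[str], Credentials] = parse_plain) -> Optional[Credentials]:
    # The extension point Johann asks for: the deployment chooses the accepted format;
    # malformed input is rejected (None), never guessed at
    try:
        return extractor(token)
    except ValueError:  # binascii.Error and UnicodeDecodeError are ValueError subclasses
        return None

def select_authenticator(authorization: Optional[str]) -> str:
    # Dispatch on the scheme in the Authorization header, as the handler in the thread does
    scheme = (authorization or "").split(" ", 1)[0].lower()
    return {"basic": "BasicAuthAuthenticator", "bearer": "OAuthAuthenticator"}.get(scheme, "unsupported")
```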
