> Are we caching the decision?

Yes. We are hoping to use a caching mechanism.

On Fri, Mar 8, 2019 at 2:29 PM Harsha Kumara <[email protected]> wrote:

> On Fri, Mar 8, 2019 at 3:56 AM Chamod Samarajeewa <[email protected]> wrote:
>
>> Hi Harsha,
>>
>> In the current implementation, we are not calling a token endpoint. We
>> directly validate basic auth credentials using RemoteUserStoreManager admin
>> service. Therefore, no hardcoded consumer key and password is used.
>
> Are we caching the decision?
>
>> Best Regards,
>> Chamod.
>>
>> On Fri, Mar 8, 2019 at 2:18 PM Harsha Kumara <[email protected]> wrote:
>>
>>> @Chamod Samarajeewa <[email protected]> can you share the current
>>> implementation details? In your basic authentication handler, I assume you
>>> are calling the token endpoint with a hard-coded consumer key and password.
>>> We should be able to support Johann's suggestion with Option 1.
>>>
>>> On Fri, Mar 8, 2019 at 3:20 AM Harsha Kumara <[email protected]> wrote:
>>>
>>>> Is your requirement to provide basic authentication via clientId and
>>>> clientSecret? For the microgateway, it will be required to validate this
>>>> by connecting to the key manager and bring the throttling information
>>>> etc., which will require another API. Else, at the microgateway it will be
>>>> required to generate a token using clientId and secret and resume the flow.
>>>>
>>>> On Fri, Mar 8, 2019 at 2:28 AM Johann Nallathamby <[email protected]> wrote:
>>>>
>>>>> *[sending this mail again because previous one wasn't copied to
>>>>> [email protected] <[email protected]>]*
>>>>>
>>>>> Hi Nuwan, Hi Harsha, Hi Chamod,
>>>>>
>>>>> An additional thought here. Most of the time, customers who ask for
>>>>> basic authentication support are the customers who need to support legacy
>>>>> external applications I believe; not so much the internal applications.
>>>>> Because, there can be many external parties and they cannot ask all those
>>>>> parties to change. For example, mobile apps that take username/password to
>>>>> be changed to OAuth2.
>>>>>
>>>>> In those cases it could be also useful to track all these "clients";
>>>>> meaning applying throttling and analytics. If we go with only
>>>>> username/password I believe we can't get that capability, because our
>>>>> throttling and analytics is coupled to OAuth2 client_id. Hence can we
>>>>> provide the following improvements.
>>>>>
>>>>> 1. For clients who are willing to change the client side slightly, we
>>>>>    can use the following format:
>>>>>    *base64((base64(client_id:username)):base64(client_secret:password))*
>>>>>    I am assuming our client_id and client_secret don't contain ":"
>>>>>    (colons). There can be many ways of doing this. So good if we can
>>>>>    provide an extension point to extract the client credentials.
>>>>>
>>>>> 2. For clients who are not willing to change the client side at all,
>>>>>    generate a blanket application from the gateway on first use of any
>>>>>    such legacy application, to capture all such clients under one internal
>>>>>    client_id, to apply analytics and throttling considering all those apps
>>>>>    as one. I suppose this will at least separate the non-trusted apps from
>>>>>    trusted apps, to minimize breaches.
>>>>>
>>>>> Thoughts?
>>>>>
>>>>> Regards,
>>>>> Johann.
>>>>>
>>>>> On Tue, Mar 5, 2019 at 4:41 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Chamod Samarajeewa <[email protected]>
>>>>>> Date: Tue, Mar 5, 2019 at 4:35 PM
>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>> To: Nadeesha Gamage <[email protected]>
>>>>>> Cc: Harsha Kumara <[email protected]>, <[email protected]>, Nuwan
>>>>>> Dias <[email protected]>, APIM Team <[email protected]>
>>>>>>
>>>>>> Hi Nadeesha,
>>>>>>
>>>>>>> How will this impact statistics? Will it be possible to get usage
>>>>>>> statistics even if they use basic authentication?
>>>>>>
>>>>>> Yes, we can get the usage statistics using the username and the API.
>>>>>>
>>>>>>> I would also like to know when this feature would be available.
>>>>>>
>>>>>> Within Q2 and Q3 time frame.
>>>>>>
>>>>>> Thank you. Best Regards.
>>>>>> Chamod.
>>>>>>
>>>>>> On Tue, Mar 5, 2019 at 3:32 PM Nadeesha Gamage <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Chamod,
>>>>>>> I would also like to know when this feature would be available.
>>>>>>>
>>>>>>> Nadeesha
>>>>>>>
>>>>>>> On Tue, Mar 5, 2019 at 3:30 PM Nadeesha Gamage <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Chamod,
>>>>>>>> How will this impact statistics? Will it be possible to get usage
>>>>>>>> statistics even if they use basic authentication?
>>>>>>>>
>>>>>>>> Nadeesha
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Chamod,
>>>>>>>>>
>>>>>>>>> Can user choose to expose API either OAuth or Basic authentication
>>>>>>>>> with this implementation?
>>>>>>>>>
>>>>>>>>> We need to provide basic authentication against user store
>>>>>>>>> configured in the key manager. Because most of the time, gateway
>>>>>>>>> won't share user stores. Please add the local user store
>>>>>>>>> authentication support as well. We need to look for possible caching
>>>>>>>>> mechanism for this.
>>>>>>>>>
>>>>>>>>> Since we do have mutual authentication as a security scheme, check
>>>>>>>>> the best way of providing the basic authentication.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Harsha
>>>>>>>>>
>>>>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Adding [email protected].
>>>>>>>>>>
>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>> From: Nuwan Dias <[email protected]>
>>>>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>>>>> To: Chamod Samarajeewa <[email protected]>
>>>>>>>>>> Cc: Architecture Team <[email protected]>, APIM Team <[email protected]>
>>>>>>>>>>
>>>>>>>>>> Chamod, this email should be sent to [email protected].
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> NuwanD.
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>>>>
>>>>>>>>>>> *Requirements*
>>>>>>>>>>>
>>>>>>>>>>> Provide authentication for APIM Gateway with basic
>>>>>>>>>>> authentication which uses usernames and passwords.
>>>>>>>>>>>
>>>>>>>>>>> *Introduction*
>>>>>>>>>>>
>>>>>>>>>>> Providing feature of enabling basic authentication security
>>>>>>>>>>> schema to product APIM Gateway along with OAuth2 token-based
>>>>>>>>>>> authentication. The user will be benefited with using only OAuth2
>>>>>>>>>>> token based authentication alone, using basic authentication alone
>>>>>>>>>>> and using both schemas at the same time.
>>>>>>>>>>>
>>>>>>>>>>> *Approach*
>>>>>>>>>>>
>>>>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>>>>
>>>>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" \
>>>>>>>>>>>   -H "accept: application/json" \
>>>>>>>>>>>   -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>>>>
>>>>>>>>>>> The API Authentication Handler will forward the request to Basic
>>>>>>>>>>> Auth Authenticator or OAuth Authenticator based on the
>>>>>>>>>>> authorization header of the request.
>>>>>>>>>>>
>>>>>>>>>>> Thank you. Regards.
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> I'm working on developing a new feature for APIM Gateway to
>>>>>>>>>>>> provide Basic Authentication support. You can find the details in
>>>>>>>>>>>> the following Github issue [1].
>>>>>>>>>>>>
>>>>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>>>>
>>>>>>>>>>>> Best regards,
>>>>>>>>>>>> Chamod.
>>>>>>>>>>>>
>>>>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>>>>> --
>>>>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>>>>> (m) +94710397382 | Email: [email protected] <[email protected]>
>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>>>>> (m) +94 777 775 729 | (e) [email protected]
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Harsha Kumara*
>>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>>> Mobile: +94775505618
>>>>>>>>> Email: [email protected]
>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>
>>>>>>>> --
>>>>>>>> Nadeesha Gamage
>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>> T : +94 77 394 5706
>>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>
>>>>> --
>>>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions
>>>>> Architect | WSO2 Inc.
>>>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]

--
Chamod Samarajeewa | Software Engineer | WSO2 Inc.
(m) +94710397382 | Email: [email protected] <[email protected]>
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
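
The header-based dispatch from the original proposal and the Option 1 credential format from Johann's message, sketched in Python as an added example that is not part of the thread or of WSO2's code. All function names are hypothetical, the sample values are constructed, and the inner fields are split on their first colon, which relies on the stated assumption that client_id and client_secret contain no colons.

```python
import base64

def b64e(text):
    """Encode text as base64 (client side)."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def b64d(field):
    """Strictly decode one base64 field; reject anything malformed."""
    try:
        return base64.b64decode(field, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed base64 field") from exc

def classify(header):
    """Choose an authenticator from the Authorization scheme."""
    scheme, _, value = header.strip().partition(" ")
    value = value.strip()
    routes = {"basic": "basic", "bearer": "oauth"}
    if scheme.lower() not in routes or not value:
        raise ValueError("unsupported or empty Authorization header")
    return routes[scheme.lower()], value

def parse_legacy(value):
    """Plain Basic auth: base64(username:password)."""
    user, sep, password = b64d(value).partition(":")
    if not sep or not user:
        raise ValueError("expected username:password")
    return user, password

def build_composite(client_id, client_secret, username, password):
    """Client side of the Option 1 format (used to construct sample input)."""
    left = b64e(f"{client_id}:{username}")
    right = b64e(f"{client_secret}:{password}")
    return b64e(left + ":" + right)

def parse_composite(value):
    """Gateway side: returns (client_id, client_secret, username, password)."""
    # Base64 output never contains ':', so the outer split is unambiguous.
    left, sep, right = b64d(value).partition(":")
    if not sep:
        raise ValueError("expected two base64 fields")
    # Inner splits use the first ':'; only client_id and client_secret must
    # be colon-free, so a password containing ':' still round-trips.
    client_id, s1, user = b64d(left).partition(":")
    secret, s2, password = b64d(right).partition(":")
    if not (s1 and s2 and client_id and secret and user):
        raise ValueError("incomplete composite credentials")
    return client_id, secret, user, password
```

The two Basic forms cannot be told apart reliably from the bytes alone, so the parser to apply should be selected by configuration rather than by guessing; `parse_composite` fails closed when handed a legacy credential.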
