Hi All,

I have been working on the basic authentication support in WSO2 API Microgateway. We already have the config based authentication support. A user should benefit from basic authentication against the user store configured in a key manager. Hence, we planned to engage LDAP/AD based basic authentication. Actually, the microgateway can implicitly get that comfort from Ballerina. We just need to give the LDAP configs in micro-gw.conf to make the connection to a particular user store (LDAP/AD).

Furthermore, we should have a clear differentiation in micro-gw.conf between the configs for Config and LDAP basic authentication. Hence we planned to separate the configs as shown below.

    [basicAuthenticationConfig]
    userStoretype = "config"
    #userStoretype = "ldap"

Apart from that, there is a problem where someone uses an external identity provider other than the APIM KM to authenticate the user. Take an example where a customer knows only the WSO2 API Microgateway and has their own identity provider. At that point, we should have a proper way to support the introspect endpoint in order to authenticate the request. It seems like we will have the introspect endpoint support through the upcoming Ballerina 1.0 release. We just need to initialize the inboundAuth2provider[1] as a BearerAuthHandler. Please find a sample code snippet to elaborate the initialization.

    // Introspection endpoint of the identity provider; the gateway
    // authenticates to it through basicAuthHandler.
    oauth2:IntrospectionServerConfig introspectionServerConfig = {
        url: "https://localhost:20102/oauth2/token/introspect",
        clientConfig: {
            auth: {
                authHandler: basicAuthHandler
            }
        }
    };
    // Wrap the inbound OAuth2 provider in a bearer auth handler.
    oauth2:InboundOAuth2Provider oauth2Provider21 = new(introspectionServerConfig);
    http:BearerAuthHandler oauth2Handler21 = new(oauth2Provider21);

With the introspect endpoint support, a new config entry should be introduced in micro-gw.conf to differentiate the WSO2 KM and an external introspect endpoint as shown below.

    [keyManager]
    type="wso2"
    #type="other"

[1] https://github.com/ballerina-platform/ballerina-lang/blob/master/stdlib/oauth2/src/main/ballerina/src/oauth2/inbound_oauth2_provider.bal

Regards,
Hasunie

--
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
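
The introspect exchange proposed in the message above, seen from the gateway side, as an added example that is not part of the original e-mail or of the microgateway code. It is written in Python to stay independent of the Ballerina API; the client credentials, token table, scope names and the in-process `fake_idp_introspect` stand-in for the external identity provider are all constructed for illustration, and the request and response shapes follow RFC 7662.

```python
import base64, json
from urllib.parse import parse_qs, urlencode

CLIENT_ID, CLIENT_SECRET = "gateway", "gw-secret"   # constructed credentials
TOKENS = {                                           # constructed IdP token table
    "tok-good": {"username": "alice", "scope": "orders:read", "exp": 2000},
    "tok-old": {"username": "bob", "scope": "orders:read", "exp": 1000},
}

def build_request(token):
    """Gateway side: form-encoded token plus HTTP Basic client authentication."""
    cred = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": "Basic " + cred,
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode({"token": token, "token_type_hint": "access_token"})

def fake_idp_introspect(headers, body, now):
    """Stand-in for the external identity provider's introspect endpoint."""
    expected = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    if headers.get("Authorization") != "Basic " + expected:
        return 401, json.dumps({"error": "invalid_client"})
    record = TOKENS.get(parse_qs(body).get("token", [""])[0])
    if record is None or record["exp"] <= now:
        return 200, json.dumps({"active": False})   # unknown and expired look the same
    return 200, json.dumps({"active": True, **record})

def authenticate(authorization, required_scope, now, introspect=fake_idp_introspect):
    """Gateway side: return the token's claims, or None to reject the request."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    status, raw = introspect(*build_request(token.strip()), now)
    if status != 200:
        return None                                  # fail closed on IdP errors
    try:
        claims = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return None                                  # "true" as a string is not accepted
    if "exp" in claims and claims["exp"] <= now:
        return None                                  # do not rely on "active" alone
    if required_scope not in str(claims.get("scope", "")).split():
        return None
    return claims
```

In a gateway the `introspect` callable would be an HTTPS POST to the configured introspect URL; the checks in `authenticate` stay the same.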