Leveraging federation capabilities of identity server for api gateway


This presentation will discuss how WSO2 Identity Server 5.0 can bridge the gap between an organization's API management and identity management of existing users to allow them to create and/or consume the APIs.

Published in: Software, Technology, Education

Transcript

  • 1. Leveraging Federation Capabilities of Identity Server for API Gateway
      Pushpalanka Jayawardhana, Software Engineer
      Last Updated: July 2, 2014
  • 2. About the Presenter
      • Pushpalanka Jayawardhana, Software Engineer (email: lanka@wso2.com)
      Pushpalanka is a member of the WSO2 Identity Server team, focusing on security and integration. In addition to the development efforts, she has been involved in several consulting customer engagements, providing solutions for various requirements in different domains.
  • 3. About WSO2
      • Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
      • Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
      • All WSO2 products are 100% open source and released under the Apache License Version 2.0.
      • Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
      • Driven by Innovation
      • Launched first open source API Management solution in 2012
      • Launched App Factory in 2Q 2013
      • Launched Enterprise Store and first open source Mobile solution in 4Q 2013
  • 4. What WSO2 delivers
  • 5. Outline
      • Scenario
      • Deployment - IS as Key Manager for API Gateway
      • Configuration Steps
      • Federation Capabilities of IS 5.0.0
      • Deployment - Extend to use an Existing IAM (Shibboleth IDP)
      • Expandability
      • Q&A
  • 6. Scenario [diagram labels: Web Apps; SAML SSO]
      Shibboleth® is a registered trademark of Internet2®.
  • 7. Scenario [diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager; SAML SSO]
  • 8. Scenario [diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
  • 9. Scenario [diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
  • 10. Deployment - IS as Key Manager for API Gateway
  • 11. Configuration Steps
      Create the databases:
      • WSO2REG_DB: keeps the registry information - use <IS_HOME>/dbscripts/<database_type>.sql
      • WSO2UM_DB: stores permissions and the internal roles - use <IS_HOME>/dbscripts/<database_type>.sql
      • WSO2AM_DB: keeps the identity data and API-related data - use <APIM_HOME>/dbscripts/apimgt/<database_type>.sql and <IS_HOME>/dbscripts/identity/<database_type>.sql
  • 12. Configuration Steps (continued)
      In Identity Server:
      • Install the ‘key manager’ feature
      • Copy api-manager.xml from API-M 1.7.0
      • Do configurations to point to Gateway
      • Configure JWT generation
      • Add data sources in master-datasource.xml
      • Copy registry.xml from API-M 1.7.0
      • Do the registry mounts
      • Add handler for XACML media type
      • Point identity.xml to use datasource AM_DB
      • Point user-mgt.xml to use datasource UM_DB
  • 13. Configuration Steps (continued)
      In API Manager:
      • Add data sources in master-datasource.xml
      • Copy registry.xml from API-M 1.7.0
      • Do the registry mounts
      • Point user-mgt.xml to use datasource UM_DB
      • In api-manager.xml
      • Configure AuthManager and APIKey Manager
      • Point available default APIs to use IS endpoints
  • 14. Scenario [diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
  • 15. Federation Capabilities of IS
      • Federation between multiple heterogeneous identity providers
      • SSO between heterogeneous standards/protocols
      • Out-of-the-box integration with Google Apps and Salesforce
      • Home realm discovery - deriving user's home IDP from the request
  • 16. Scenario [diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0]
  • 17. Delegate Authentication to Shibboleth
      • Configure Shibboleth IDP as an IDP in Identity Server
      • Configure default SP to use above configured IDP.
  • 18. Expandability of Solution: SSO between heterogeneous standards/protocols [diagram labels: Web Apps; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager (WSO2 IS 5.0.0); SAML SSO; OAuth 2.0; SalesForce; LifeRay; GoogleApps; Drupal; SAML SSO; SAML SSO; OpenID; OpenID]
  • 19. Expandability of Solution: Federation between multiple heterogeneous identity providers [diagram labels: Web Apps; SAML SSO; API Management (WSO2 API-M 1.7.0); SAML SSO; Key Manager (WSO2 IS 5.0.0); OAuth 2.0; Web Apps; OpenId; Google Apps; FaceBook; Custom- ---; SAML SSO]
  • 20. More Information!
      • Download WSO2 Identity Server (latest version 5.0.0) from http://wso2.com/products/identity-server
      • Download WSO2 API Manager (latest version 1.7.0) from http://wso2.com/products/api-manager/
      • Set up Identity Server 5.0.0 as Key Manager for API Manager 5.0.0 - https://docs.wso2.com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the+Key+Manager
      • Identity Server 5.0.0 documentation - https://docs.wso2.com/display/IS500/WSO2+Identity+Server+Documentation
      • Configure Shibboleth with WSO2 products - http://dulanja.blogspot.com/2013/09/saml2-sso-to-wso2-420-carbon-products.html
      • Enterprise Directory of APIs and Service Bus (University of Michigan use case) - https://spaces.internet2.edu/display/itana/University+of+Michigan
  • 21. Business Model
  • 22. Contact us!
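
A consistency check for the datasource steps on slides 11 to 13, added here as an example and not taken from the presentation or from WSO2: it compares the three shared datasources across the Identity Server and API Manager datasource files. The element layout (`datasource/name`, `definition/configuration/url`, `username`), the hosts and the helper names are assumptions, and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Database names from slide 11; both products must define all three.
SHARED = ("WSO2REG_DB", "WSO2UM_DB", "WSO2AM_DB")

def load_datasources(xml_text):
    """Map datasource name -> (JDBC URL, username)."""
    found = {}
    for ds in ET.fromstring(xml_text).iter("datasource"):
        name = (ds.findtext("name") or "").strip()
        cfg = ds.find("definition/configuration")
        if name and cfg is not None:
            found[name] = ((cfg.findtext("url") or "").strip(),
                           (cfg.findtext("username") or "").strip())
    return found

def compare(is_xml, apim_xml):
    """Return findings; an empty list means both sides share all three databases."""
    sides = {"Identity Server": load_datasources(is_xml),
             "API Manager": load_datasources(apim_xml)}
    findings = []
    for name in SHARED:
        missing = [s for s, ds in sides.items() if name not in ds]
        if missing:
            findings.append(f"{name}: not defined in {' or '.join(missing)}")
            continue
        a, b = (ds[name] for ds in sides.values())
        if a != b:
            findings.append(f"{name}: targets differ ({a[0]} vs {b[0]})")
    return findings

def sample(entries):
    """Build a constructed datasources document; hosts and users are placeholders."""
    body = "".join(
        f"<datasource><name>{n}</name><definition type='RDBMS'><configuration>"
        f"<url>{url}</url><username>{user}</username>"
        "</configuration></definition></datasource>"
        for n, url, user in entries)
    return f"<datasources-configuration><datasources>{body}</datasources></datasources-configuration>"

DB = "jdbc:mysql://db.example.internal:3306/"  # constructed placeholder host
IS_XML = sample([("WSO2REG_DB", DB + "regdb", "reguser"),
                 ("WSO2UM_DB", DB + "umdb", "umuser"),
                 ("WSO2AM_DB", DB + "amdb", "amuser")])
# Constructed API Manager side: local H2 user store left in place, no WSO2AM_DB entry.
APIM_XML = sample([("WSO2REG_DB", DB + "regdb", "reguser"),
                   ("WSO2UM_DB", "jdbc:h2:repository/database/WSO2UM_DB", "wso2carbon")])

if __name__ == "__main__":
    for finding in compare(IS_XML, APIM_XML):
        print(finding)
```

An empty result from `compare` means both products point at the same registry, user management and API/identity databases, which is what the key manager deployment relies on.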