
Leveraging federation capabilities of identity server for api gateway

This presentation will discuss how WSO2 Identity Server 5.0 can bridge the gap between an organization's API management and identity management of existing users to allow them to create and/or consume the APIs.

Published in: Software, Technology, Education
Leveraging federation capabilities of identity server for api gateway

  1. Leveraging Federation Capabilities of Identity Server for API Gateway
     Pushpalanka Jayawardhana, Software Engineer
     Last Updated: July 2, 2014
  2. About the Presenter
     ๏ Pushpalanka Jayawardhana - Software Engineer, email: lanka@wso2.com
     Pushpalanka is a member of the WSO2 Identity Server team, focusing on security and integration. In addition to the development efforts, she has been involved in several consulting customer engagements, providing solutions for various requirements in different domains.
  3. About WSO2
     ๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
     ๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
     ๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
     ๏ Is an active member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
     ๏ Driven by innovation
     ๏ Launched first open source API Management solution in 2012
     ๏ Launched App Factory in 2Q 2013
     ๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
  4. What WSO2 delivers
  5. Outline
     ๏ Scenario
     ๏ Deployment - IS as Key Manager for API Gateway
     ๏ Configuration Steps
     ๏ Federation Capabilities of IS 5.0.0
     ๏ Deployment - Extend to use an Existing IAM (Shibboleth IDP)
     ๏ Expandability
     ๏ Q&A
  6. Scenario (diagram labels: Web Apps, SAML SSO). Shibboleth® is a registered trademark of Internet2®.
  7. Scenario (diagram labels: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager, SAML SSO)
  8. Scenario (diagram labels: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), SAML SSO, OAuth 2.0)
  9. Scenario (diagram labels: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), SAML SSO, OAuth 2.0)
  10. Deployment - IS as Key Manager for API Gateway
  11. Configuration Steps
     Create the databases:
     ๏ WSO2REG_DB: keeps the registry information - use <IS_HOME>/dbscripts/<database_type>.sql
     ๏ WSO2UM_DB: stores permissions and the internal roles - use <IS_HOME>/dbscripts/<database_type>.sql
     ๏ WSO2AM_DB: keeps the identity data and API-related data - use <APIM_HOME>/dbscripts/apimgt/<database_type>.sql and <IS_HOME>/dbscripts/identity/<database_type>.sql
  12. Configuration Steps (continued)
     In Identity Server:
     ๏ Install the ‘key manager’ feature
     ๏ Copy api-manager.xml from API-M 1.7.0
     ๏ Do configurations to point to Gateway
     ๏ Configure JWT generation
     ๏ Add data sources in master-datasource.xml
     ๏ Copy registry.xml from API-M 1.7.0
     ๏ Do the registry mounts
     ๏ Add handler for XACML media type
     ๏ Point identity.xml to use datasource AM_DB
     ๏ Point user-mgt.xml to use datasource UM_DB
  13. Configuration Steps (continued)
     In API Manager:
     ๏ Add data sources in master-datasource.xml
     ๏ Copy registry.xml from API-M 1.7.0
     ๏ Do the registry mounts
     ๏ Point user-mgt.xml to use datasource UM_DB
     ๏ In api-manager.xml
     ๏ Configure AuthManager and APIKey Manager
     ๏ Point available default APIs to use IS endpoints
  14. Scenario (diagram labels: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), SAML SSO, OAuth 2.0)
  15. Federation Capabilities of IS
     ๏ Federation between multiple heterogeneous identity providers
     ๏ SSO between heterogeneous standards/protocols
     ๏ Out-of-the-box integration with Google Apps and Salesforce
     ๏ Home realm discovery - deriving user's home IDP from the request
  16. Scenario (diagram labels: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), SAML SSO, OAuth 2.0)
  17. Delegate Authentication to Shibboleth
     ๏ Configure Shibboleth IDP as an IDP in Identity Server
     ๏ Configure default SP to use above configured IDP.
  18. Expandability of Solution (diagram labels: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), SAML SSO, OAuth 2.0)
     SSO between heterogeneous standards/protocols (diagram labels: Salesforce, Liferay, GoogleApps, Drupal, SAML SSO, SAML SSO, OpenID, OpenID)
  19. Expandability of Solution (diagram labels: Web Apps, SAML SSO, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), OAuth 2.0)
     Federation between multiple heterogeneous identity providers (diagram labels: Web Apps, OpenID, Google Apps, Facebook, Custom- ---, SAML SSO)
  20. More Information
     ๏ Download WSO2 Identity Server (latest version 5.0.0) from http://wso2.com/products/identity-server
     ๏ Download WSO2 API Manager (latest version 1.7.0) from http://wso2.com/products/api-manager/
     ๏ Set up Identity Server 5.0.0 as Key Manager for API Manager 5.0.0 - https://docs.wso2.com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the+Key+Manager
     ๏ Identity Server 5.0.0 documentation - https://docs.wso2.com/display/IS500/WSO2+Identity+Server+Documentation
     ๏ Configure Shibboleth with WSO2 products - http://dulanja.blogspot.com/2013/09/saml2-sso-to-wso2-420-carbon-products.html
     ๏ Enterprise Directory of APIs and Service Bus (University of Michigan use case) - https://spaces.internet2.edu/display/itana/University+of+Michigan
  21. Business Model
  22. Contact us!
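
Slides 11 to 13 have Identity Server and API Manager each declare data sources for the same three databases, so a mismatch between the two files leaves the Key Manager and the gateway reading different identity or API data. The check below is an added example, not code from the presentation or from WSO2: it compares the JDBC URL of each database in the two products' data source files. The element layout (`datasource/name`, `definition/configuration/url`), the host names and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SHARED = ("WSO2REG_DB", "WSO2UM_DB", "WSO2AM_DB")  # database names from slide 11

def sample_config(urls):
    """Build a constructed data source document from {name: jdbc_url}."""
    body = "".join(
        f"<datasource><name>{n}</name><definition type='RDBMS'>"
        f"<configuration><url>{u}</url></configuration></definition></datasource>"
        for n, u in urls.items())
    return ("<datasources-configuration><datasources>" + body +
            "</datasources></datasources-configuration>")

# Constructed sample input: hypothetical hosts, not taken from the slides.
IS_XML = sample_config({
    "WSO2REG_DB": "jdbc:mysql://db.example.internal:3306/regdb",
    "WSO2UM_DB": "jdbc:mysql://db.example.internal:3306/umdb",
    "WSO2AM_DB": "jdbc:mysql://db.example.internal:3306/amdb"})
APIM_XML = sample_config({   # AM_DB points elsewhere, REG_DB is missing
    "WSO2UM_DB": "jdbc:mysql://db.example.internal:3306/umdb",
    "WSO2AM_DB": "jdbc:h2:repository/database/WSO2AM_DB"})

def datasources(xml_text):
    """Map each datasource <name> to its JDBC <url> (assumed element layout)."""
    found = {}
    for ds in ET.fromstring(xml_text).iter("datasource"):
        name = (ds.findtext("name") or "").strip()
        found[name] = (ds.findtext("definition/configuration/url") or "").strip()
    return found

def check_shared(is_xml, apim_xml):
    """Return findings; an empty list means both sides agree on every shared DB."""
    is_ds, am_ds = datasources(is_xml), datasources(apim_xml)
    findings = []
    for name in SHARED:
        missing = [p for p, ds in (("IS", is_ds), ("API-M", am_ds)) if not ds.get(name)]
        if missing:
            findings.append(f"{name}: not defined in {' and '.join(missing)}")
        elif is_ds[name] != am_ds[name]:
            findings.append(f"{name}: IS uses {is_ds[name]} but API-M uses {am_ds[name]}")
    return findings

if __name__ == "__main__":
    for finding in check_shared(IS_XML, APIM_XML):
        print(finding)
```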