[Webinar] WSO2 API Microgateway with Okta as Key Manager
•
1 like•239 views
API security is increasingly becoming a vital aspect of modern API-driven, digital transformation business use cases. Implementing a robust security mechanism for APIs is a challenging task which every organization has to undergo when exposing their APIs to the public. Usually, API management solutions come with their own key management capabilities to handle API security. However, when an organization already has an Identity Provider that is capable of key management, they usually prefer to use the same to handle API security as well. Therefore, an API gateway’s ability to connect to 3rd party Key Managers to handle API security is very important. By attending this webinar, you will gain hands-on experience on how WSO2 API Microgateway can be leveraged to use 3rd party key management services to secure your microservices. - Principles of API security with WSO2 Microgateway - API authentication flow in WSO2 Microgateway for both JWT and reference access tokens - Configuring Okta as the key manager for WSO2 Microgateway - Using Okta and WSO2 API Manager to leverage API authentication with subscription validation - Live demo On-demand webinar: https://wso2.com/library/webinars/wso2-api-microgateway-with-okta-as-key-manager/
Recommended
More Related Content
What's hot
What's hot (20)
Similar to [Webinar] WSO2 API Microgateway with Okta as Key Manager
Similar to [Webinar] WSO2 API Microgateway with Okta as Key Manager (20)
More from WSO2
More from WSO2 (20)
Recently uploaded
Recently uploaded (20)
[Webinar] WSO2 API Microgateway with Okta as Key Manager
- 1. WSO2 Microgateway Security with Okta as the Key Manager August 19, 2020
- 3. ● Why “Micro” Gateway? ● What’s new in WSO2 Microgateway 3.2 ● Different security aspects of WSO2 Microgateway ● 3rd party key managers for WSO2 Microgateway ● Okta as the 3rd party key manager for WSO2 Microgateway ● Demo ● Q&A What’s covered... 3
- 4. A Microservice Architecture 4 Client Application Products Orders Inventory Shipping
- 5. Exposure of Microservices via a Central API Gateway 5 Client Application APIGateway Products Inventory Orders Shipping
- 6. Decentralizing API Gateways 6 ● Freedom of scaling API Gateways API Gateways (Microgateways) MicroservicesProductsProductsProducts Orders
- 7. Nature of a Typical Microgateway ● Container-native ⦿ Light-weight ⦿ Less bootup time ⦿ Low memory footprint ⦿ Low distribution size ● Highly scalable ● Stateless ● Immutable ● Agile DevOps and CI/CD ● Designed for microservices 7
- 9. WSO2 Microgateway Architecture Components ● Toolkit ● Gateway runtime 9
- 10. Toolkit ● Command line interface (CLI) to manage microgateway projects ● Initialize microgateway projects: ⦿ With OpenAPI definitions ⦿ By importing APIs from API Manager Publisher ● Builds the projects to create: ⦿ Runtime artifacts(APIs packed in) for the gateway runtime ⦿ Immutable containers with APIs and the gateway built in ⦿ Kubernetes artifacts required to deploy in k8s clusters ● Download from : https://wso2.com/api-management/api-microgateway 10
- 11. Runtime ● Serves the requests applying ⦿ Security ⦿ Rate limiting ⦿ Transformations ⦿ Analytics and more ● Available as archived distributions as well as Docker images [1] ● Can be built burning APIs into container images to spawn immutable containers [1] https://hub.docker.com/r/wso2/wso2micro-gw 11
- 12. API Microgateway Developer Workflow 12
- 13. Key Features in WSO2 Microgateway ● Authentication/Authorization ● GRPC API support ● HTTP 2.0 support ● Message transformation ● Request/response schema validation ● Service discovery via etcd. ● Observability (metrics and tracing) ● Analytics 13
- 14. What’s New in WSO2 Microgateway 3.2 ● JWKS support for validating JWT ● Custom claims mapping for JWTs ● Integrate with WSO2 API Manager for custom Siddhi policies and deny policies ● Circuit breaker, retry, and timeout capabilities ● Support for conditional throttling policies ● External Key Manager support 14
- 15. WSO2 Microgateway: API Security
- 16. WSO2 Microgateway: API Security Features 16 ● Authentication ⦿ OAuth tokens (Reference and JWT) ⦿ API Keys ⦿ Basic auth ⦿ MTLS ● Authorization ⦿ API subscriptions ⦿ OAuth2 scopes ● CORS support ● Rate limiting ● External Key Manager support
- 17. WSO2 Microgateway External Key Manager Support
- 18. ● Handles all user, security, and access token-related operations. ⦿ Key responsibility is token generation (and validation) ● Different components talk to the key manager component for achieving different tasks ⦿ When a subscriber generates keys for an application using the developer portal, the developer portal makes a call to the key manager to create an OAuth app and obtains a consumer key, consumer secret and an access token. ⦿ The API gateway connects with the key manager to check the validity of OAuth tokens and scopes Role of Key Manager 18
- 19. ● When you already have an IDP with key management capabilities ● Earlier you had to write and extension to plug external KMs ● Now API Manager/Microgateway supports it OOTB ⦿ Can register KMs at the admin portal ⦿ Can set KMs to APIs at the publisher portal ⦿ Can generate keys from each KM at the developer portal ● Supports multiple Key Managers at the same time ● Supports both JWT and reference tokens External Key Manager support 19
- 20. WSO2 Microgateway Okta Integration
- 21. Integrating Okta with WSO2 API Microgateway as Key Manager 21 Issuer 1 matched Issuer 2 matched Issuer n matched Validate using JWKS Validate using Certificate Validate using JWKS Token Validation Failed Token Yes No Yes No No Yes Token validation # Issuer 1 [[jwtTokenConfig]] issuer = "https://dev-455200.okta.com/oauth2/default" certificateAlias = "wso2apim310" #URL of the JWKS endpoint jwksURL = "https://dev-455200.okta.com/oauth2/default/v1/keys" # Validate subscribed APIs validateSubscription = false # The claim in which the consumer key of the application is coming consumerKeyClaim = "cid" #class name of JWT claims value mapper transformer if you need claims mapping. claimMapperClassName = "org.wso2.micro.gateway.jwtTransformer.DefaultJwtTransformer" # Remote User Claim Retrieval Enabled remoteUserClaimRetrievalEnabled = false # The key of remote claims and the local claims if you need claims mapping. [[jwtTokenConfig.claims]] remoteClaim = "scp" localClaim = "scope" Configuration
- 22. Demo
- 23. Scenario 1 - Using Okta as Key Manager with Microgateway 23 Okta Gateway 2. API Request 3. Token Validation 7. API Response 4. Backend Request 5. Backend Response API Consumer 1. Get Access Token Microservice
- 24. Scenario 2 : Integrating API Manager and Okta with Microgateway 24 Okta Gateway 3. Token Validation 7. API Response 4. Backend Request 5. Backend Response API Consumer API Manager 2. API Request 1. Subscribe and Generate access token Publish Subscription Data Microservice JMS HTTP/S
- 26. Thanks!