Leveraging federation capabilities of identity server for api gateway
0 likes1,208 views
The document outlines the capabilities of WSO2 Identity Server and its integration with an API gateway, focusing on federation and SSO for web applications. It details deployment steps, configuration requirements, and the integration of Shibboleth as an identity provider. Additionally, it highlights WSO2's position as an open-source technology provider and offers resources for further information.
Leveraging federation capabilities of identity server for api gateway
- 1. Last Updated: July 2. 2014 Software Engineer Pushpalanka Jaywardhana Leveraging Federation Capabilities of Identity Server for API Gateway
- 2. ** About the Presenter ๏ Pushpalanka Jayawardhana -Software Engineer email:lanka@wso2.com Pushpalanka is a member of WSO2 Identity Server team, focusing on security and integration. In addition to the development efforts, she has been involved in several consulting customer engagements, providing solutions for various requirements in different domains.
- 3. ** About WSO2 ๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source ๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments ๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0. ๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C. ๏ Driven by Innovation ๏ Launched first open source API Management solution in 2012 ๏ Launched App Factory in 2Q 2013 ๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
- 5. ** Outline ๏ Scenario ๏ Deployment - IS as Key Manager for API Gateway ๏ Configuration Steps ๏ Federation Capabilities of IS 5.0.0 ๏ Deployment - Extend to use an Existing IAM (Shibboleth IDP) ๏ Expandability ๏ Q&A
- 6. ** Scenario Web Apps SAML SSO Shibboleth® is a registered trademark of Internet2®.
- 7. ** Scenario Web Apps API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager SAML SSO
- 8. ** Scenario Web Apps API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager (WSO2 IS 5.0.0) SAML SSO OAuth 2.0
- 9. ** Scenario Web Apps API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager (WSO2 IS 5.0.0) SAML SSO OAuth 2.0
- 10. ** Deployment - IS as Key Manager for API Gateway
- 11. ** Configuration Steps Create the databases, ๏ WSO2REG_DB: keep the registry information - use <IS_HOME>/dbscripts/<database_type>.sql ๏ WSO2UM_DB: store permissions and the internal roles - use <IS_HOME>/dbscripts/<database_type>.sql ๏ WSO2AM_DB: keep the identity data and API-related data - use APIM_HOME>/dbscripts/apimgt/<database_type>.sql and <IS_HOME>/dbscripts/identity/<database_type>.sql
- 12. ** Configuration Steps Ctd In Identity Server, ๏ Install the ‘key manager’ feature ๏ Copy api-manager.xml from API-M 1.7.0 ๏ Do configurations to point to Gateway ๏ Configure JWT generation ๏ Add data sources in master-datasource.xml ๏ Copy registry.xml from API-M 1.7.0 ๏ Do the registry mounts ๏ Add handler for XACML media type ๏ Point identity.xml to use datasource AM_DB ๏ Point user-mgt.xml to use datasource UM_DB
- 13. ** Configuration Steps Ctd In API Manager, ๏ Add data sources in master-datasource.xml ๏ Copy registry.xml from API-M 1.7.0 ๏ Do the registry mounts ๏ Point user-mgt.xml to use datasource UM_DB ๏ In api-manager.xml ๏ Configure AuthManager and APIKey Manager ๏ Point available default APIs to use IS endpoints
- 14. ** Scenario Web Apps API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager (WSO2 IS 5.0.0) SAML SSO OAuth 2.0
- 15. ** Federation Capabilities of IS ๏ Federation between multiple heterogeneous identity providers ๏ SSO between heterogenous standards/protocols ๏ Out-of-the-box integration with Google Apps and Salesforce ๏ Home realm discovery - deriving user's home IDP from the request
- 16. ** Scenario Web Apps API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager (WSO2 IS 5.0.0) SAML SSO OAuth 2.0
- 17. ** Delegate Authentication to Shibboleth ๏ Configure Shibboleth IDP as a IDP in Identity Server ๏ Configure default SP to use above configured IDP.
- 18. ** Expandability of Solution Web Apps API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager (WSO2 IS 5.0.0) SAML SSO OAuth 2.0 SSO between heterogenous standards/protocols SalesForce LifeRay GoogleApps Drupal SAML SSO SAML SSO OpenID OpenID
- 19. ** Expandability of Solution Web Apps SAML SSO API Management (WSO2 API-M 1.7.0) SAML SSO Key Manager (WSO2 IS 5.0.0) OAuth 2.0 Federation between multiple heterogeneous identity providers Web Apps OpenId Google Apps FaceBook Custom- --- SAML SSO
- 20. ** More Information ! ๏ Download WSO2 Identity Server (latest version 5.0.0) from, http: //wso2.com/products/identity-server ๏ Download WSO2 API Manager (latest version 1.7.0) from, http: //wso2.com/products/api-manager/ ๏ Set up Identity Server 5.0.0 as Key Manager for API Manager 5.0.0 - https://docs.wso2. com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the +Key+Manager ๏ Identity Server 5.0.0 documentation - https://docs.wso2. com/display/IS500/WSO2+Identity+Server+Documentation ๏ Configure Shibboleth with WSO2 products - http://dulanja.blogspot. com/2013/09/saml2-sso-to-wso2-420-carbon-products.html ๏ Enterprise Directory of APIs and Service Bus (University of Michingan Use case)- https://spaces.internet2. edu/display/itana/University+of+Michigan
- 22. Contact us !