This presentation will discuss how WSO2 Identity Server 5.0 can bridge the gap between an organization's API management and identity management of existing users to allow them to create and/or consume the APIs.
Leveraging federation capabilities of identity server for api gateway
1. Last Updated: July 2. 2014
Pushpalanka Jayawardhana
Software Engineer
Leveraging Federation Capabilities of Identity Server for API Gateway
2. **
About the Presenter
๏ Pushpalanka Jayawardhana
- Software Engineer
email: lanka@wso2.com
Pushpalanka is a member of WSO2 Identity Server team, focusing on security and integration. In addition to the development efforts, she has been involved in several consulting customer engagements, providing solutions for various requirements in different domains.
3. **
About WSO2
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API Management solution in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
5. **
Outline
๏ Scenario
๏ Deployment - IS as Key Manager for API Gateway
๏ Configuration Steps
๏ Federation Capabilities of IS 5.0.0
๏ Deployment - Extend to use an Existing IAM (Shibboleth IDP)
๏ Expandability
๏ Q&A
11. **
Configuration Steps
Create the databases:
๏ WSO2REG_DB: keep the registry information
- use <IS_HOME>/dbscripts/<database_type>.sql
๏ WSO2UM_DB: store permissions and the internal roles
- use <IS_HOME>/dbscripts/<database_type>.sql
๏ WSO2AM_DB: keep the identity data and API-related data
- use <APIM_HOME>/dbscripts/apimgt/<database_type>.sql and <IS_HOME>/dbscripts/identity/<database_type>.sql
12. **
Configuration Steps Ctd
In Identity Server,
๏ Install the ‘key manager’ feature
๏ Copy api-manager.xml from API-M 1.7.0
๏ Do configurations to point to Gateway
๏ Configure JWT generation
๏ Add data sources in master-datasource.xml
๏ Copy registry.xml from API-M 1.7.0
๏ Do the registry mounts
๏ Add handler for XACML media type
๏ Point identity.xml to use datasource AM_DB
๏ Point user-mgt.xml to use datasource UM_DB
13. **
Configuration Steps Ctd
In API Manager,
๏ Add data sources in master-datasource.xml
๏ Copy registry.xml from API-M 1.7.0
๏ Do the registry mounts
๏ Point user-mgt.xml to use datasource UM_DB
๏ In api-manager.xml
๏ Configure AuthManager and APIKey Manager
๏ Point available default APIs to use IS endpoints
15. **
Federation Capabilities of IS
๏ Federation between multiple heterogeneous identity providers
๏ SSO between heterogeneous standards/protocols
๏ Out-of-the-box integration with Google Apps and Salesforce
๏ Home realm discovery - deriving user's home IDP from the request
18. **
Expandability of Solution
[Diagram: SSO between heterogeneous standards/protocols. Components shown: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0), SalesForce, LifeRay, GoogleApps, Drupal. Protocols shown on the connections: SAML SSO, OAuth 2.0, OpenID.]
19. **
Expandability of Solution
[Diagram: Federation between multiple heterogeneous identity providers. Components shown: Web Apps, API Management (WSO2 API-M 1.7.0), Key Manager (WSO2 IS 5.0.0). Identity providers shown: OpenId, Google Apps, FaceBook, Custom-. Protocols shown on the connections: SAML SSO, OAuth 2.0.]
20. **
More Information!
๏ Download WSO2 Identity Server (latest version 5.0.0) from http://wso2.com/products/identity-server
๏ Download WSO2 API Manager (latest version 1.7.0) from http://wso2.com/products/api-manager/
๏ Set up Identity Server 5.0.0 as Key Manager for API Manager 5.0.0 - https://docs.wso2.com/display/CLUSTER420/Configuring+WSO2+Identity+Server+as+the+Key+Manager
๏ Identity Server 5.0.0 documentation - https://docs.wso2.com/display/IS500/WSO2+Identity+Server+Documentation
๏ Configure Shibboleth with WSO2 products - http://dulanja.blogspot.com/2013/09/saml2-sso-to-wso2-420-carbon-products.html
๏ Enterprise Directory of APIs and Service Bus (University of Michigan use case) - https://spaces.internet2.edu/display/itana/University+of+Michigan