Client secret key and/or APIMAN-282
by Scott Dunbar
Hello,
I'm evaluating apiman for a use case and am trying to get my head around a
requirement that I have and how that fits in with apiman.
I have normal username/password users that I can use the Keycloak OAuth
token system for and that works fine. I'm interested in using some sort of
api key for server to server communication. Ultimately a customer wants to
encode a single key and not get an OAuth token that expires. If I
understand the way that the client APIs work I believe that I can
implement this through there but I want to make sure I'm understanding
correctly.
I think that I would implement two plans. The "public" plan would include
the policies that I want (OAuth and role based authorization) and use
OAuth. Then I would create a client API for the server-to-server
communication and that would use a different plan that, assuming that the
api key was correct, would not have any other policies. Obviously that
means that the key is very private.
Am I thinking of this the right way? The advantage of the client API path
is that I could shut down a "server" (i.e. the server of a customer
interacting with our server) in one shot by unregistering the client. The
APIMAN-282 method would work too in that I could create a single user for
the customer and lock that account if I wanted to block access. Of course,
the APIMAN-282 enhancement is still in progress and I'm not sure it will
see the light of day.
So the short question is: is the two-pronged approach the way to go without
an APIMAN-282 type of policy?
Thanks for your help.
--
Scott Dunbar
Cell: 303 667 6343
8 years, 1 month
Questions about Plugins
by lamiae obila
I want to add a new identity source to the basic authentication plugin, do I
create a new component or just a plugin of my identity source overriding
the basic authentication policy?
--
*OBILA Lamiae*
Engineering student
INSA Centre Val de Loire
Tel: 0634172110
8 years, 2 months
Re: [Apiman-user] APIMAN Question - regarding soap endpoint
by Eric Wittmann
Hi Gareth.
Sorry you didn't get a response in IRC. I'm pretty good about answering
stuff like that when I'm around - but we're probably in rather different
timezones.
In any case, apiman doesn't automatically modify the URLs found in the
response body. However there is a policy that can do that - it's called
the URL Rewriting Policy. It requires a bit of configuration (a regular
expression to match the specific URLs you want it to rewrite, as well as
the replacement value).
Give it a try, and let us know if you need a bit of help with the
configuration.
-Eric
On 4/14/2016 6:43 AM, Gareth Healy wrote:
> Hi guys,
>
> Hope you don't mind me asking you directly, tried via the IRC room but
> the internet is currently not the best with the customer I am with at
> the moment. Asked the following on irc:
>
> gahealy <member:gahealy>: hey guys, am using upstream APIMan, on OSE
> 3.1. Am proxying a WS and have the following Q from a customer:
> [11:04am] gahealy <member:gahealy>: One thing I noticed the SOAP
> endpoint url has not been repointed to the proxy is that a gap in the
> Apiman service?
> [11:04am] gahealy <member:gahealy>:
> [11:04am] gahealy <member:gahealy>: <wsdl:port
> name="SOAPService_Binding" binding="tns:SOAPService_Binding">
> [11:04am] gahealy <member:gahealy>:
> <soap:address location="http://dev-host1.devtest-istesb.bp.com:25201/mappingProvider/"/>
> [11:04am] gahealy <member:gahealy>: </wsdl:port>
>
> --
> Gareth Healy
> UKI Middleware Consultant
> Red Hat UK Ltd
> 200 Fowler Avenue
> Farnborough, Hants
> GU14 7JP, UK
>
> Mobile: +44(0)7818511214
> E-Mail: gahealy(a)redhat.com <mailto:gahealy@redhat.com>
>
> Registered in England and Wales under Company Registration No. 03798903
8 years, 2 months
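
An added illustration (not part of the thread and not apiman's own code) of what the regular expression and replacement value described in the reply above have to achieve for the quoted WSDL fragment. The gateway URL is a hypothetical placeholder, and the header handling and the leftover-host check are assumptions of this sketch.

```python
import re

# Constructed sample: the WSDL fragment quoted in the thread, as the backend returns it.
BACKEND_WSDL = '''<wsdl:port name="SOAPService_Binding" binding="tns:SOAPService_Binding">
  <soap:address location="http://dev-host1.devtest-istesb.bp.com:25201/mappingProvider/"/>
</wsdl:port>'''

# Assumption (not from the thread): the public gateway URL that fronts this backend.
GATEWAY_BASE = "https://gateway.example.com/apiman-gateway/org/soapservice/1.0"

# Match only the backend origin (scheme, host, port). Dots are escaped and the
# port must not be followed by another digit, so similar-looking origins are untouched.
FROM_REGEX = r"https?://dev-host1\.devtest-istesb\.bp\.com:25201(?!\d)"

def rewrite(text, from_regex=FROM_REGEX, replacement=GATEWAY_BASE):
    """Return (rewritten_text, number_of_replacements)."""
    return re.subn(from_regex, replacement, text)

def rewrite_response(headers, body):
    """Rewrite the body and URL-bearing headers, then fix Content-Length."""
    new_body, n = rewrite(body)
    new_headers = dict(headers)
    for name in ("Location", "Content-Location"):
        if name in new_headers:
            new_headers[name], k = rewrite(new_headers[name])
            n += k
    if "Content-Length" in new_headers:
        new_headers["Content-Length"] = str(len(new_body.encode("utf-8")))
    return new_headers, new_body, n

def leaked_backend_refs(headers, body, host="devtest-istesb.bp.com"):
    """List the places where the backend host name is still visible to a client."""
    hits = [f"header {k}" for k, v in headers.items() if host in v]
    hits += [f"body line {i}" for i, line in enumerate(body.splitlines(), 1)
             if host in line]
    return hits

if __name__ == "__main__":
    # Constructed response headers for the demo.
    hdrs = {"Content-Type": "text/xml",
            "Location": "http://dev-host1.devtest-istesb.bp.com:25201/mappingProvider/?wsdl"}
    print("before:", leaked_backend_refs(hdrs, BACKEND_WSDL))
    new_hdrs, new_body, count = rewrite_response(hdrs, BACKEND_WSDL)
    print("after: ", leaked_backend_refs(new_hdrs, new_body), f"({count} rewrites)")
    print(new_body)
```

Running the leftover-host check against a proxied response is a quick way to confirm that the chosen expression covers every place the backend address appears.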