[Apiman-user] apiman suitable for managing end users?

Tim Dudgeon tdudgeon.ml at gmail.com
Thu Jul 23 09:13:11 EDT 2015 

No further comments so I created an issue for this:
https://issues.jboss.org/browse/APIMAN-569

On 20/07/2015 10:09, Eric Wittmann wrote:
> Hi Tim.
>
> Interesting scenario.  The typical scenario is that the apiman UI is 
> only used by service providers and application developers.  End users 
> will typically not use the apiman UI.  However, that doesn't mean 
> apiman can't track end users.  If authentication is enabled (either 
> BASIC or OAuth2), then rate limiting can be configured on a per-user 
> basis.  When you configure the rate limit policy, you can choose 
> "user" as an option and then provide the HTTP header containing the 
> user.  When configuring the authentication policy (which must come 
> first in the policy chain) you would need to enable forwarding of the 
> username.
>
> In addition, the next version of apiman will also include the 
> authenticated user in the metrics data.  This would allow you to query 
> the elasticsearch metrics information by username.  We won't have any 
> specific support in the UI for breaking down metrics by user, at least 
> not right away, but it will be in the data at least.
>
> Of course, you *can* use apiman the way you are suggesting.  But as 
> you observed there are some challenges.  We don't currently have a way 
> to assign roles to users automatically when they register.  It would 
> need to be a feature request I think:
>
> https://issues.jboss.org/browse/APIMAN
>
> I think if we added a very generic "user registration" extension point 
> to apiman, then you could write your own custom handler to do whatever 
> you want.  Such a handler would be invoked the first time a new user 
> logged into apiman.  You could drive off their email address, roles, 
> whatever.  You could also provide a handler via a plugin.
>
> Thoughts?  :)
>
> -Eric
>
>
> On 7/19/2015 7:45 AM, Tim Dudgeon wrote:
>> Hi
>>
>> I've been looking into apiman and like what I see, but have a conceptual
>> question about its usage.
>> I need something to manage the end users of my applications, not just
>> the people who are developing and managing those applications. Is apiman
>> suitable for this? e.g. each actual user of the applications would
>> register to apiman and use their own access keys. I need this as I will
>> want to handle metrics and usage on the level of the individual user.
>>
>> Also, if this was to be a sensible approach how does one configure the
>> registration process. I understand apiman is using keycloak for this,
>> but I see no link in the UI to configure keycloak. And I would need a
>> way that new users could automatically be assigned to an organisation
>> (e.g. a default organisation, or a specific one based on their email
>> address).
>>
>> Tim
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>

More information about the Apiman-user mailing list