[Apiman-user] apiman suitable for managing end users?

Eric Wittmann eric.wittmann at redhat.com
Thu Jul 23 09:34:28 EDT 2015


+1 thanks.

On 7/23/2015 9:13 AM, Tim Dudgeon wrote:
> No further comments so I created an issue for this:
> https://issues.jboss.org/browse/APIMAN-569
>
> On 20/07/2015 10:09, Eric Wittmann wrote:
>> Hi Tim.
>>
>> Interesting scenario.  The typical scenario is that the apiman UI is
>> only used by service providers and application developers.  End users
>> will typically not use the apiman UI.  However, that doesn't mean
>> apiman can't track end users.  If authentication is enabled (either
>> BASIC or OAuth2), then rate limiting can be configured on a per-user
>> basis.  When you configure the rate limit policy, you can choose
>> "user" as an option and then provide the HTTP header containing the
>> user.  When configuring the authentication policy (which must come
>> first in the policy chain) you would need to enable forwarding of the
>> username.
>>
>> In addition, the next version of apiman will also include the
>> authenticated user in the metrics data.  This would allow you to query
>> the elasticsearch metrics information by username.  We won't have any
>> specific support in the UI for breaking down metrics by user, at least
>> not right away, but it will be in the data at least.
>>
>> Of course, you *can* use apiman the way you are suggesting.  But as
>> you observed there are some challenges.  We don't currently have a way
>> to assign roles to users automatically when they register.  It would
>> need to be a feature request I think:
>>
>> https://issues.jboss.org/browse/APIMAN
>>
>> I think if we added a very generic "user registration" extension point
>> to apiman, then you could write your own custom handler to do whatever
>> you want.  Such a handler would be invoked the first time a new user
>> logged into apiman.  You could drive off their email address, roles,
>> whatever.  You could also provide a handler via a plugin.
>>
>> Thoughts?  :)
>>
>> -Eric
>>
>>
>> On 7/19/2015 7:45 AM, Tim Dudgeon wrote:
>>> Hi
>>>
>>> I've been looking into apiman and like what I see, but have a conceptual
>>> question about its usage.
>>> I need something to manage the end users of my applications, not just
>>> the people who are developing and managing those applications. Is apiman
>>> suitable for this? e.g. each actual user of the applications would
>>> register to apiman and use their own access keys. I need this as I will
>>> want to handle metrics and usage on the level of the individual user.
>>>
>>> Also, if this was to be a sensible approach how does one configure the
>>> registration process. I understand apiman is using keycloak for this,
>>> but I see no link in the UI to configure keycloak. And I would need a
>>> way that new users could automatically be assigned to an organisation
>>> (e.g. a default organisation, or a specific one based on their email
>>> address).
>>>
>>> Tim
>>> _______________________________________________
>>> Apiman-user mailing list
>>> Apiman-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>
>
>
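
The policy ordering described in the 20/07/2015 message (authentication first, forwarding the username in a header that the rate limit policy then keys on), as an added Python model that is not apiman code and not from the original thread. The header name `X-Identity`, the credentials and all function and class names are constructed for illustration.

```python
import base64
import hmac
from collections import defaultdict

USER_HEADER = "X-Identity"                      # assumed header name
USERS = {"alice": "s3cret", "bob": "hunter2"}   # constructed credentials

def basic_auth_policy(request):
    """Authenticate BASIC credentials, then forward the username in USER_HEADER."""
    headers = request["headers"]
    headers.pop(USER_HEADER, None)  # only the gateway may set the identity header
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:
        return 401
    expected = USERS.get(user)
    if scheme != "Basic" or expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return 401
    headers[USER_HEADER] = user
    return None

class RateLimitPolicy:
    """Per-user request counter for a single rate period, keyed on USER_HEADER."""
    def __init__(self, limit):
        self.limit, self.counts = limit, defaultdict(int)

    def __call__(self, request):
        user = request["headers"].get(USER_HEADER)
        if user is None:
            return 500  # misordered chain: no authenticated user to key on
        self.counts[user] += 1
        return 429 if self.counts[user] > self.limit else None

def run_chain(chain, request):
    """Apply policies in order; the first non-None status stops the request."""
    for policy in chain:
        status = policy(request)
        if status is not None:
            return status
    return 200

def make_request(user, password, extra_headers=None):
    """Build a constructed request carrying BASIC credentials."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"headers": {"Authorization": f"Basic {token}", **(extra_headers or {})}}
```

With the authentication policy first, each user gets an independent counter; with the order reversed, the rate limit policy has no username to key on.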

