@Chamod Samarajeewa <cha...@wso2.com> if we send username, password and
resource to the KM, can't we get the required result from a single call to
KM?

Agree with Nuwan that we can reduce a DB call at KM if we store scopes in
synapse definition. Then we can send username, password and scope (instead
of resource) to the KM.

On Thu, Feb 21, 2019 at 2:33 PM Nuwan Dias <nuw...@wso2.com> wrote:

> Yes, if we can maintain the resources and their respective scopes at the
> synapse definition, we can avoid doing another call to KM (and the DB) at
> the point of token validation.
>
> Also Chamod, I guess we will have to come up with a design of how to keep
> that information in the synapse XML.
>
> On Thu, Feb 21, 2019 at 2:27 PM Chamod Samarajeewa <cha...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> We have currently used the AuthenticationAdmin service to authenticate a
>> user given the username and password (Basic Authentication). The next step
>> is to validate whether the scopes bound to a resource are matched with the
>> user roles. In this case, we might have to access the KeyManager several
>> times as mentioned below.
>>
>> 1) Validate user based on username and password
>> 2) To check whether the resource has a scope and if so request the scopes
>> 3) Request user roles if scopes are bound to the resource
>>
>> We thought we can minimize the performance degradation which can happen
>> due to multiple requests to the Key Manager as below.
>>
>> *Solution :*
>>
>> When a user publishes an API, the scopes bound to the API should be added
>> to the Synapse-config. Then, at the runtime we can read the synapse
>> configuration of API to check whether the resource has a scope bound and if
>> so what are the scopes without calling the Key Manager.
>>
>> I would really appreciate any feedback. Thank you.
>>
>> Best regards,
>> Chamod.
>>
>>
>> On Sat, Feb 16, 2019 at 9:10 PM Chamod Samarajeewa <cha...@wso2.com>
>> wrote:
>>
>>> Hi Harsha,
>>>
>>> Yes, the user can expose API either OAuth, Basic auth or even both with
>>> this implementation. Thank you.
>>>
>>> Best Regards,
>>> Chamod.
>>>
>>> On Fri, Feb 15, 2019 at 9:34 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>
>>>> Hi Chamod,
>>>>
>>>> Can user choose to expose API either OAuth or Basic authentication with
>>>> this implementation?
>>>>
>>>> We need to provide basic authentication against user store configured in
>>>> the key manager. Because most of the time, gateway won't share user
>>>> stores. Please add the local user store authentication support as well. We
>>>> need to look for possible caching mechanism for this.
>>>>
>>>> Since we do have mutual authentication as a security scheme, check the
>>>> best way of providing the basic authentication
>>>>
>>>> Thanks,
>>>> Harsha
>>>>
>>>> On Fri, Feb 15, 2019 at 9:07 PM Chamod Samarajeewa <cha...@wso2.com>
>>>> wrote:
>>>>
>>>>> Adding architecture@wso2.org
>>>>>
>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <hars...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Chamod,
>>>>>>
>>>>>> Can user choose to expose API either OAuth or Basic authentication
>>>>>> with this implementation?
>>>>>>
>>>>>> We need to provide basic authentication against user store configured
>>>>>> in the key manager. Because most of the time, gateway won't share user
>>>>>> stores. Please add the local user store authentication support as well.
>>>>>> We need to look for possible caching mechanism for this.
>>>>>>
>>>>>> Since we do have mutual authentication as a security scheme, check
>>>>>> the best way of providing the basic authentication
>>>>>>
>>>>>> Thanks,
>>>>>> Harsha
>>>>>>
>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <cha...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Adding architect...@wso2.com.
>>>>>>>
>>>>>>>
>>>>>>> ---------- Forwarded message ---------
>>>>>>> From: Nuwan Dias <nuw...@wso2.com>
>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>> To: Chamod Samarajeewa <cha...@wso2.com>
>>>>>>> Cc: Architecture Team <architecture-t...@wso2.com>, APIM Team <
>>>>>>> apim-gr...@wso2.com>
>>>>>>>
>>>>>>>
>>>>>>> Chamod, this email should be sent to architecture@wso2.org.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> NuwanD.
>>>>>>>
>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <cha...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>
>>>>>>>> *Requirements*
>>>>>>>>
>>>>>>>>
>>>>>>>> Provide authentication for APIM Gateway with basic authentication
>>>>>>>> which uses usernames and passwords.
>>>>>>>>
>>>>>>>> *Introduction*
>>>>>>>>
>>>>>>>>
>>>>>>>> Providing feature of enabling basic authentication security schema
>>>>>>>> to product APIM Gateway along with OAuth2 token-based authentication.
>>>>>>>> The user will be benefited with using only OAuth2 token based
>>>>>>>> authentication alone, using basic authentication alone and using both
>>>>>>>> schemas at the same time.
>>>>>>>>
>>>>>>>>
>>>>>>>> *Approach*
>>>>>>>>
>>>>>>>>
>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>
>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" \
>>>>>>>>   -H "accept: application/json" \
>>>>>>>>   -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>
>>>>>>>> The API Authentication Handler will forward the request to Basic
>>>>>>>> Auth Authenticator or OAuth Authenticator based on the authorization
>>>>>>>> header of the request.
>>>>>>>>
>>>>>>>> Thank you. Regards.
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <cha...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> I'm working on developing a new feature for APIM Gateway to
>>>>>>>>> provide Basic Authentication support. You can find the details in the
>>>>>>>>> following Github issue [1].
>>>>>>>>>
>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Chamod.
>>>>>>>>>
>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>> --
>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Harsha Kumara*
>>>>>>
>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>> Mobile: +94775505618
>>>>>> Email: hars...@wso2.coim
>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>
>>>>>> GET INTEGRATION AGILE
>>>>>> Integration Agility for Digitally Driven Business
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> Architecture@wso2.org
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>
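
The flow the thread converges on, as an added example that is not code from the thread or from carbon-apimgt: the gateway parses the Basic header, reads the resource's scope from a local map standing in for the Synapse definition, and makes a single Key Manager call with username, password and scope. The KeyManager interface, the RESOURCE_SCOPE map, the order resource, the scope name and the sample users are all assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

public class BasicAuthGatewayCheck {
    enum KmResult { OK, BAD_CREDENTIALS, SCOPE_DENIED }

    /** Hypothetical Key Manager client: one call checks the password and, if a scope is given, the roles. */
    interface KeyManager { KmResult validate(String user, String password, String scope); }

    // Constructed stand-in for the resource-to-scope bindings kept in the API's Synapse definition.
    static final Map<String, String> RESOURCE_SCOPE = Map.of("POST /pizzashack/1.0.0/order", "order_write");

    /** Returns the HTTP status the gateway would answer with before forwarding to the backend. */
    static int authorize(String header, String resource, KeyManager km) {
        if (header == null) return 401;
        String[] parts = header.trim().split("\\s+", 2);
        // Only the Basic scheme is handled here; Bearer tokens belong to the OAuth authenticator.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return 401;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1].trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return 401; // malformed base64 is rejected without contacting the Key Manager
        }
        int colon = decoded.indexOf(':'); // split on the first colon: passwords may contain ':'
        if (colon <= 0) return 401;       // missing separator or empty username
        String user = decoded.substring(0, colon), password = decoded.substring(colon + 1);
        String scope = RESOURCE_SCOPE.get(resource); // local lookup; null when no scope is bound
        switch (km.validate(user, password, scope)) {
            case OK: return 200;
            case SCOPE_DENIED: return 403;
            default: return 401;
        }
    }

    public static void main(String[] args) {
        // Constructed Key Manager stub: alice/s3cret holds the role behind order_write, bob/pw does not.
        KeyManager km = (u, p, scope) -> {
            boolean alice = u.equals("alice") && p.equals("s3cret");
            boolean bob = u.equals("bob") && p.equals("pw");
            if (!alice && !bob) return KmResult.BAD_CREDENTIALS;
            return (scope == null || alice) ? KmResult.OK : KmResult.SCOPE_DENIED;
        };
        String bobHdr = "Basic " + Base64.getEncoder().encodeToString("bob:pw".getBytes(StandardCharsets.UTF_8));
        System.out.println(authorize(bobHdr, "GET /pizzashack/1.0.0/menu", km));      // resource with no scope
        System.out.println(authorize(bobHdr, "POST /pizzashack/1.0.0/order", km));    // scope bound, role missing
        System.out.println(authorize("Basic !!!", "GET /pizzashack/1.0.0/menu", km)); // malformed credentials
    }
}
```

Returning 401 for failed authentication and 403 for a missing role keeps the two failure modes distinguishable in gateway logs.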