>
> Are we caching the decision?
>

Yes. We are hoping to use a caching mechanism.

On Fri, Mar 8, 2019 at 2:29 PM Harsha Kumara <hars...@wso2.com> wrote:

>
>
> On Fri, Mar 8, 2019 at 3:56 AM Chamod Samarajeewa <cha...@wso2.com> wrote:
>
>> Hi Harsha,
>>
>> In the current implementation, we are not calling a token endpoint. We
>> directly validate basic auth credentials using RemoteUserStoreManager admin
>> service. Therefore, no hardcoded consumer key and password is used.
>>
> Are we caching the decision?
>
>>
>> Best Regards,
>> Chamod.
>>
>> On Fri, Mar 8, 2019 at 2:18 PM Harsha Kumara <hars...@wso2.com> wrote:
>>
>>> @Chamod Samarajeewa <cha...@wso2.com> can you share current
>>> implementation details? In your basic authentication handler, I assume you
>>> are calling the token endpoint with a hard-coded consumer key and password.
>>> We should be able to support Johann's suggestion with Option 1.
>>>
>>> On Fri, Mar 8, 2019 at 3:20 AM Harsha Kumara <hars...@wso2.com> wrote:
>>>
>>>> Is your requirement to provide basic authentication via clientId and
>>>> clientSecret? For the microgateway, it will be required to validate this
>>>> by connecting to the key manager and bring the throttling information
>>>> etc., which will require another API. Else, at the microgateway it will be
>>>> required to generate a token using the clientId and secret and resume the flow.
>>>>
>>>> On Fri, Mar 8, 2019 at 2:28 AM Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>> *[sending this mail again because previous one wasn't copied to
>>>>> architecture@wso2.org <architecture@wso2.org>]*
>>>>>
>>>>> Hi Nuwan, Hi Harsha, Hi Chamod,
>>>>>
>>>>> An additional thought here. Most of the times customers who ask for
>>>>> basic authentication support are the customers who need to support legacy
>>>>> external applications I believe; not so much the internal applications.
>>>>> Because, there can be many external parties and they cannot ask all those
>>>>> parties to change. For example, mobile apps that take username/password to
>>>>> be changed to OAuth2.
>>>>>
>>>>> In those cases it could be also useful to track all these "clients";
>>>>> meaning applying throttling and analytics. If we go with only
>>>>> username/password I believe we can't get that capability, because our
>>>>> throttling and analytics is coupled to OAuth2 client_id. Hence can we
>>>>> provide the following improvements.
>>>>>
>>>>> 1. For clients who are willing to change the client side slightly, we
>>>>> can use the following format:
>>>>> *base64((base64(client_id:username)):base64(client_secret:password))*
>>>>> I am assuming our client_id and client_secret don't contain ":"
>>>>> (colons). There can be many ways of doing this. So good if we can provide
>>>>> an extension point to extract the client credentials.
>>>>>
>>>>> 2. For clients who are not willing to change the client side at all,
>>>>> generate a blanket application from the gateway on first use of any such
>>>>> legacy application, to capture all such clients under one internal
>>>>> client_id, to apply analytics and throttling considering all those apps as
>>>>> one. I suppose this will at least separate the non-trusted apps from
>>>>> trusted apps, to minimize breaches.
>>>>>
>>>>> Thoughts?
>>>>>
>>>>> Regards,
>>>>> Johann.
>>>>>
>>>>> On Tue, Mar 5, 2019 at 4:41 PM Chamod Samarajeewa <cha...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ---------
>>>>>> From: Chamod Samarajeewa <cha...@wso2.com>
>>>>>> Date: Tue, Mar 5, 2019 at 4:35 PM
>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>> To: Nadeesha Gamage <nadee...@wso2.com>
>>>>>> Cc: Harsha Kumara <hars...@wso2.com>, <architect...@wso2.com>, Nuwan
>>>>>> Dias <nuw...@wso2.com>, APIM Team <apim-gr...@wso2.com>
>>>>>>
>>>>>>
>>>>>> Hi Nadeesha,
>>>>>>
>>>>>>> How will this impact statistics? Will it be possible to get usage
>>>>>>> statistics even if they use basic authentication?
>>>>>>>
>>>>>>
>>>>>> Yes, can get the usage statistics using the username and the api.
>>>>>>
>>>>>>> I would also like to know when this feature would be available.
>>>>>>
>>>>>> Within Q2 and Q3 time frame.
>>>>>>
>>>>>> Thank you. Best Regards.
>>>>>> Chamod.
>>>>>>
>>>>>> On Tue, Mar 5, 2019 at 3:32 PM Nadeesha Gamage <nadee...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Chamod,
>>>>>>> I would also like to know when this feature would be available.
>>>>>>>
>>>>>>> Nadeesha
>>>>>>>
>>>>>>> On Tue, Mar 5, 2019 at 3:30 PM Nadeesha Gamage <nadee...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Chamod,
>>>>>>>> How will this impact statistics? Will it be possible to get usage
>>>>>>>> statistics even if they use basic authentication?
>>>>>>>>
>>>>>>>> Nadeesha
>>>>>>>>
>>>>>>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <hars...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Chamod,
>>>>>>>>>
>>>>>>>>> Can user choose to expose API either OAuth or Basic authentication
>>>>>>>>> with this implementation?
>>>>>>>>>
>>>>>>>>> We need to provide basic authentication against user store
>>>>>>>>> configured in the key manager. Because most of the time, gateway
>>>>>>>>> won't share user stores. Please add the local user store
>>>>>>>>> authentication support as well. We need to look for possible
>>>>>>>>> caching mechanism for this.
>>>>>>>>>
>>>>>>>>> Since we do have mutual authentication as a security scheme, check
>>>>>>>>> the best way of providing the basic authentication.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Harsha
>>>>>>>>>
>>>>>>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <
>>>>>>>>> cha...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> Adding architect...@wso2.com.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ---------- Forwarded message ---------
>>>>>>>>>> From: Nuwan Dias <nuw...@wso2.com>
>>>>>>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>>>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>>>>>>> To: Chamod Samarajeewa <cha...@wso2.com>
>>>>>>>>>> Cc: Architecture Team <architecture-t...@wso2.com>, APIM Team <
>>>>>>>>>> apim-gr...@wso2.com>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Chamod, this email should be sent to architecture@wso2.org.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> NuwanD.
>>>>>>>>>>
>>>>>>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <
>>>>>>>>>> cha...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> I have included the information in the Github issue here as well.
>>>>>>>>>>>
>>>>>>>>>>> *Requirements*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Provide authentication for APIM Gateway with basic
>>>>>>>>>>> authentication which uses usernames and passwords.
>>>>>>>>>>>
>>>>>>>>>>> *Introduction*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Providing feature of enabling basic authentication security
>>>>>>>>>>> schema to product APIM Gateway along with OAuth2 token-based
>>>>>>>>>>> authentication. The user will be benefited with using only OAuth2
>>>>>>>>>>> token based authentication alone, using basic authentication alone
>>>>>>>>>>> and using both schemas at the same time.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Approach*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>>>>>>
>>>>>>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" \
>>>>>>>>>>>   -H "accept: application/json" \
>>>>>>>>>>>   -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>>>>>>
>>>>>>>>>>> The API Authentication Handler will forward the request to Basic
>>>>>>>>>>> Auth Authenticator or OAuth Authenticator based on the
>>>>>>>>>>> authorization header of the request.
>>>>>>>>>>>
>>>>>>>>>>> Thank you. Regards.
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <
>>>>>>>>>>> cha...@wso2.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> I'm working on developing a new feature for APIM Gateway to
>>>>>>>>>>>> provide Basic Authentication support. You can find the details in
>>>>>>>>>>>> the following Github issue [1].
>>>>>>>>>>>>
>>>>>>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>>>>>>
>>>>>>>>>>>> Best regards,
>>>>>>>>>>>> Chamod.
>>>>>>>>>>>>
>>>>>>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>>>>>>> --
>>>>>>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>>>>>>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>>>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>>>>>>>>> [image: Signature.jpg]
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> *Harsha Kumara*
>>>>>>>>>
>>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>>> Mobile: +94775505618
>>>>>>>>> Email: hars...@wso2.coim
>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>
>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Nadeesha Gamage
>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>> T : +94 77 394 5706
>>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> Architecture@wso2.org
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions
>>>>> Architect | WSO2 Inc.
>>>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>>>>> [image: Signature.jpg]
>>>>>
>>>>
>>>>
>


-- 
Chamod Samarajeewa | Software Engineer | WSO2 Inc.
(m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
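
Added example, not part of the thread and not WSO2 code: a Python sketch of the header handling discussed above, covering the Basic/OAuth dispatch on the Authorization header, Johann's nested format (option 1) behind a pluggable extractor, and the blanket client_id fallback (option 2). All function names and `LEGACY_CLIENT_ID` are assumptions made for illustration.

```python
import base64
from typing import NamedTuple, Optional

LEGACY_CLIENT_ID = "legacy-basic-auth-app"  # assumed name for the blanket app (option 2)

class Credentials(NamedTuple):
    scheme: str                   # "oauth2" or "basic"
    client_id: Optional[str]      # key that throttling and analytics hang off
    username: Optional[str]
    secret: str                   # password or bearer token
    client_secret: Optional[str] = None

def _b64(text):
    # validate=True rejects any character outside the base64 alphabet, ':' included
    return base64.b64decode(text, validate=True).decode("utf-8")

def encode_nested(client_id, username, client_secret, password):
    """Client side of option 1 (used to build constructed sample headers)."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return "Basic " + enc(enc(f"{client_id}:{username}") + ":" + enc(f"{client_secret}:{password}"))

def extract_nested(decoded):
    """Option 1: base64(client_id:username) ':' base64(client_secret:password)."""
    left, sep, right = decoded.partition(":")
    try:
        client_id, s1, username = _b64(left).partition(":")
        client_secret, s2, password = _b64(right).partition(":")  # password may hold ':'
    except ValueError:            # bad base64 or bad UTF-8: not this format
        return None
    if not (sep and s1 and s2 and client_id and username):
        return None
    return Credentials("basic", client_id, username, password, client_secret)

def extract_legacy(decoded):
    """Option 2: unchanged client sends username:password; group under one client_id."""
    username, sep, password = decoded.partition(":")
    return Credentials("basic", LEGACY_CLIENT_ID, username, password) if sep and username else None

def parse_authorization(header, extractors=(extract_nested, extract_legacy)):
    """Dispatch on the scheme; `extractors` is the pluggable extension point."""
    scheme, _, value = header.strip().partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return Credentials("oauth2", None, None, value.strip())
    if scheme.lower() != "basic":
        return None
    try:
        decoded = _b64(value.strip())
    except ValueError:
        return None
    return next((c for c in (e(decoded) for e in extractors) if c), None)
```

Because the nested form is detected by trial decoding, a plain `username:password` pair whose two halves both happen to be valid base64 of `x:y` strings would be read as option 1; configuring a single extractor per API removes that ambiguity.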
