Re: [Architecture] API Manager integration with Istio
Hi Pubudu, Thank you very much. Another language (GO). I hope it will work the first time, otherwise I must become polyglot. I do not know if it can be easily converted to Java. Thanks Youcef HILEM -- Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Architecture-f62919.html ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] API Manager integration with Istio
Hi Pubudu, Unless I'm mistaken, I thought WSO2 would develop an Istio Mixer Adapter, like:
- https://github.com/apigee/istio-mixer-adapter
- https://github.com/3scale/3scale-istio-adapter
If it is not the case, it would be nice to know.
Thanks Youcef HILEM
Re: [Architecture] API Manager integration with Istio
Hi Pubudu, It would be interesting to put a little code in the repo (https://github.com/wso2/istio-apim). Do you have a roadmap? The integration of Istio in our Openshift platform will be available this summer. Thanks Youcef HILEM
Re: [Architecture] API Manager integration with Istio
Hi, Some references [1, 2, 3] that I think better describe the relationship between APIM & Istio. Differences in the security. For example, API management often uses techniques such as basic HTTP authentication, OAuth and application key/secret pairs to protect exposed APIs. A service mesh is often used to enforce mutual TLS, and introduce granular role-based access control between components within the mesh.
"Istio can already validate JWTs and enforce basic rate limiting. See docs here and here. Those are fine for some use cases (not many unique clients), but you may want to have a system that isn't dependent on CRDs for clients or individual rate limits. To show that, we've released a Mixer adapter that is an integration with our Apigee Edge enterprise API management product. This allows you to use Apigee for, for example, creation of API keys or client IDs (Apigee has a portal in which your customers can create their own credentials self-service) and rate limits. Istio can then enforce the policies defined in the api management system by way of a Mixer adapter." [4]
[1] Comparing a service mesh with API management in a microservice architecture by Kim Clark (https://developer.ibm.com/apiconnect/2018/11/13/service-mesh-vs-api-management/)
[2] Part 1: Istio Service Mesh and APIConnect/DataPower Gateway integration by Krithika Prakash (https://developer.ibm.com/apiconnect/2018/11/13/part-1-istio-and-apic-datapower-integration/)
[3] API and Microservice Management Technical Whitepaper Part 1 (https://developer.ibm.com/apiconnect/2018/07/25/api-connect-istio-side-side-perspective-get-white-paper/)
[4] (https://groups.google.com/d/msg/istio-users/zKtk4uswGLQ/obDFaHdhBQAJ)
Thanks Youcef HILEM
Re: [Architecture] API Manager integration with Istio
Hi, Good news. Is there a link / dependency with the project https://github.com/wso2/product-vick ? Thanks Youcef HILEM
Re: [Architecture] What is the most suitable way to invoke DCR endpoints from native mobile application
Hi, Could you please tell me what to add and where to add it to implement the 3rd option (Securing DCR endpoint with initial access token)? Thanks Youcef HILEM
Re: [Architecture] [Dev] [Announce] WSO2 Product Installation Resources Released!!!
Hi Chiranga Alwis, I just created an issue to track this : https://github.com/wso2/kubernetes-apim/issues/157 Thanks Youcef HILEM
Re: [Architecture] [Announce] WSO2 Product Installation Resources Released!!!
Hi, Thank you for this release. Pattern 3 is not included in the WSO2 API Manager v2.6.0.1 - https://github.com/wso2/kubernetes-apim/releases/tag/v2.6.0.1 Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] get rid of relational databases (MySQL, ...)
Hi Uvindra, Ok I will follow this procedure. I'm the customer (Solution/Enterprise Architect). It seems to me a very good idea. Thanks Youcef
Re: [Architecture] [APIM 3.0.0] get rid of relational databases (MySQL, ...)
Hi Uvindra, I come back to this topic because it is of great importance for us to have our multicloud deployment of wso2 APIM Cassandra with NoSQL bases to overcome all sync problems with MySQL. Could you provide an implementation of DAOs (https://github.com/wso2/carbon-apimgt/tree/6.x/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao) in JPA? So, we could use JPA with Cassandra :
- https://github.com/Impetus/Kundera#supported-datastores
- http://quicktechcuisine.blogspot.com/2016/01/using-jpa-with-cassandra-via-kundera.html
Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] & [SP 4.0.0] siddhi-store-cassandra implementation
Hi, I completely forgot about this exchange. But hey, it's not too late. Thank you for this implementation : https://github.com/wso2-extensions/siddhi-store-cassandra Regards Youcef HILEM
Re: [Architecture] advantages of using IS as KM for APIM ?
Hi Supun, We have 3 IDPs that are reserved for special use cases (internal, external, corporate). We will have to manage the federation with these three IDPs. So, it seems to me that it is easier to use IS as KM to federate these three IDPs. In addition, we have more flexibility to integrate the functionalities offered by IS:
- MFA (https://wso2.com/library/articles/2015/09/article-how-to-generate-api-manager-access-tokens-using-multi-factor-authentication/)
- eIDAS (https://docs.wso2.com/display/IS570/Electronic+Identification%2C+Authentication+and+Trust+Services+Regulation)
- Social (https://docs.wso2.com/display/AM260/Log+in+to+the+API+Store+using+Social+Media)
- Federated authenticators in WSO2 API Manager - WSO2 APIM is not shipped with some federated authenticators which are available in WSO2IS. Therefore we need to install them using feature manager. But WSO2 does not recommend installing new features on standard products as this practice is not supported by WSO2 Update Manager (WUM).
- UMA (https://docs.wso2.com/display/IS570/User+Managed+Access)
- ...
- Extension Points for OAuth (https://docs.wso2.com/display/IS570/Extension+Points+for+OAuth)
Thanks Youcef HILEM
[Architecture] advantages of using IS as KM for APIM ?
Hi, I am in the design phase of the future architecture of our APIM platform. Currently we do not deploy IS as KM. To not miss something I ask you to know if it is relevant to use IS as KM. What are the advantages of using IS as KM for APIM in a context where we have already two IDP in our company? In other words what useful IS features are missing in KM? Thanks, Youcef HILEM
[Architecture] [APIM 2.x.y] Can I plug a Custom File System Provider ?
Hi, We have a multi-datacenter target deployment and we want to synchronize a shared folder between the two DC. We don't/can't use rsync. But we can use a solution like https://github.com/Upplication/Amazon-S3-FileSystem-NIO2 My question : can we plug a Custom File System Provider in APIM ? Regards Youcef HILEM
[Architecture] APIM : How to integrate google and facebook to APIM via Identity service at the same time?
Hi, I have the same need as the one described here: https://stackoverflow.com/questions/37266609/how-to-integrate-google-and-facebook-to-api-m-via-identity-service-at-the-same-t My environment is : wso2 API-M cluster and the Key manager is wso2 identity service. What I wanna do is : User can login via Google or Facebook account to API-M publisher and store. My question is : how to do this without IS as KM (https://docs.wso2.com/display/AM250/Log+in+to+the+API+Store+using+Social+Media) ? Our main need is to open the store to customers / partners. The publisher can use our internal IDP. Thanks Youcef HILEM
Re: [Architecture] WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?
Hi Sathya, We need to implement the regulatory requirements (http://www.etsi.org/deliver/etsi_ts/102600_102699/10264003/02.01.01_60/ts_10264003v020101p.pdf), in particular:
6.3 : REM Sender/REM Recipient Authentication
b) Enhanced: using enhanced authentication such as two factor authentication mechanisms linked to a one time password;
c) Strong: mutual SSL authentication, which includes client’s side user certificate;
Can't access to https://docs.wso2.com/display/IS550/Mutual+TLS+for+OAuth+Clients
Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] Can I integrate another API Gateway instead of the Ballerina API Gateway ?
Thank you Harsha, Yes, we will migrate to Ballerina as a target. But not in the short term. I did not find any tests showing if the performances are good (at least equal to the actual gateway). Thanks Youcef HILEM
[Architecture] [APIM 3.0.0] Can I integrate another API Gateway instead of the Ballerina API Gateway ?
Hi, Like the key-manager where you can plug an implementation, is it planned to do the same for the API Gateway API? For example, if I want to stay in the pure Java world can I integrate for example https://github.com/spring-cloud/spring-cloud-gateway ? Thanks Youcef HILEM
Re: [Architecture] WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?
Hi, Good news : I just found that it's implemented :
[1] https://github.com/wso2/product-is/issues/2751
[2] http://wso2-oxygen-tank.10903.n7.nabble.com/IS-5-5-0-TLS-Mutual-Authentication-for-OAuth-2-0-clients-td155448.html
[3] https://medium.com/@technospace/mutual-tls-for-oauth-client-authentication-cdd595d4dcac
I will see how to use it with APIM.
Thanks Youcef HILEM
Re: [Architecture] Adding custom attributes to Applications in API Store
Hi, for this feature. I do not have access to the document [1] but we wish to develop mediations reinforcing access control to APIs according to these metadata (example (key: client-contract, value: contractx), ie : association between client-id & client-contract-id). Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] get rid of relational databases (MySQL, ...)
Hi Uvindra, I already have things that are ready:
- https://github.com/wso2-extensions/identity-userstore-cassandra
- https://github.com/wso2-extensions/siddhi-store-cassandra
It remains to see if it is easy to implement a cassandra connector for:
- https://github.com/wso2/carbon-auth/tree/master/components/auth/org.wso2.carbon.auth.user.store/src/main/java/org/wso2/carbon/auth/user/store/connector
- https://github.com/wso2/carbon-apimgt/tree/master/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/dao
If it's not possible I must at least find a multi-site replication (active / active ) solution for MySQL. I prefer to harmonize everything with Cassandra.
Thanks Youcef HILEM
[Architecture] [APIM 3.0.0] get rid of relational databases (MySQL, ...)
Hi, First of all, thank you very much for this excellent product. I am preparing an infrastructure for APIM 3.0.0 in multi-datacenter active / active configuration. I want to get rid of relational databases (MySQL, ...). Is it possible ? If so, could you please give me the outline to follow to use only the NoSQL Cassandra database? Thank you in advance. Youcef HILEM
Re: [Architecture] [MB] MQTT : support around 100K mqtt connections using WSO2 MB
Hi Hasitha, WSO2 MB is AMQP compliant. Why not use Apache Qpid Dispatch Router (https://qpid.apache.org/components/dispatch-router/index.html) to handle all connection management like Enmasse (http://enmasse.io/) ? Thanks Youcef HILEM
Re: [Architecture] [MB] MQTT : support around 100K mqtt connections using WSO2 MB
Hi, For information our solution:
- will rely on the standard MQTT over Websocket (http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/csprd02/mqtt-v3.1.1-csprd02.html#_Toc385349863)
- will use WSO2 APIM Websocket APIs (https://wso2.com/library/articles/2017/05/introducing-websocket-apis-with-wso2-api-manager/). Sample with kafka (https://medium.com/@lahirugmg/managed-websocket-api-for-kafka-with-wso2-api-manager-3e17f6e9a121)
I keep an eye on the support of MQTT over WebSocket in WSO2 MB 4 (https://wso2.org/jira/browse/MB-1688).
Thanks Youcef HILEM
Re: [Architecture] [MB] MQTT : support around 100K mqtt connections using WSO2 MB
Hi Hasitha, Thank you for this clear response. Apparently it seems difficult with WSO2 MB or any multi-protocol broker (https://stackoverflow.com/questions/27884895/what-are-the-maximum-mqtt-connections-supported-by-activemq-5-10-0). In this case it remains only pure MQTT middleware (among https://github.com/mqtt/mqtt.github.io/wiki/servers). Mosquitto performance (~20,000 connections per instance) is great but it has bridge feature but not a "real" clustering (https://groups.google.com/d/msg/mqtt/sFjCBovLavw/9jKFLiEaBwAJ). The 1.0 release of the EMQ broker has scaled to 1.3 million concurrent MQTT connections on a 12 Core, 32G CentOS server (https://github.com/emqtt/emqttd). The performance is not the only criterion because it is also necessary to check the non-loss of messages (https://vernemq.com/docs/clustering/netsplits.html#possible-scenario-for-message-loss). Thanks Youcef HILEM
Re: [Architecture] [MB] MQTT : support around 100K mqtt connections using WSO2 MB
Hi Imesh, Thank you very much. I must present the solutions to the architectural committee of Tuesday, 06/02/2018. It's good to have some information even this weekend on my work email. Thanks Youcef HILEM
[Architecture] [MB] MQTT : support around 100K mqtt connections using WSO2 MB
Hi, We have a fleet of over 10 android smartphones. We evaluate MQTT brokers that can manage more than 100k connections with a large number of topics (notification, referential data, operational data, ...). Could you give me some tips to properly size a cluster in HA and scale with a load of over 100K connections? Thanks Youcef HILEM
[Architecture] How to use WSO2 IS to manage our applications ?
Hi IS team, WSO2 App Manager was created as a mechanism to offer a standalone solution for publishing and managing all aspects of an application and its lifecycle. We currently have this capability within WSO2 Identity Server (WSO2 IS), and we encourage you to continue to use WSO2 IS to manage your applications [1]. Can you please tell me where is this capability in WSO2 IS ? [1] https://wso2.com/products/app-manager/ Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] SAML2 and OAuth2/OIDC federated authenticators
Thank you Harsha, It must not be a regression. This is an important feature and has been available for a very long time :
- Federated authenticators in WSO2 API Manager – WSO2APIM : http://xacmlinfo.org/2015/05/13/federated-authenticators-in-wso2-api-manager-wso2apim/
- https://github.com/wso2/carbon-apimgt/issues/4776
I admit that although WSO2 IS 5.4.0 is rich in features, we already have in our organisation a lot of IDPs managed by different and autonomous entities. Their integration via the federation is indispensable.
Thanks Youcef HILEM
[Architecture] [APIM 3.0.0] SAML2 and OAuth2/OIDC federated authenticators
Hi APIM Team, APIM 3.0.0 is currently coupled with IS 5.4.0 which is based on Carbon 4.x (https://github.com/wso2/product-apim/issues/2031). Is/will inbuilt Key Manager support SAML2 and OAuth2/OIDC federated authenticators ? If not, how to plug this feature? Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] & [SP 4.0.0] siddhi-store-cassandra implementation
Hi all, I came back to see if the implementation is progressing and we can hope to have something to integrate by the end of January 2018. Happy New Year. Thanks Youcef HILEM
[Architecture] WSO2 IS/APIM : support Mutual TLS Profile for OAuth 2.0 ?
Hi all, Is Mutual TLS Profile for OAuth 2.0 supported [1] ? Open banking applications in Europe, where X.509 certificate based authentication is required by law, will find this new method indispensable. [1] https://tools.ietf.org/html/draft-ietf-oauth-mtls-05 Thanks Youcef HILEM
Re: [Architecture] WSO2 IS : what are the differences between OpenID Connect & OAuth 2.0 federated authenticators
Hi Ahamed, Thank you very much for your response. In this case we will only use the code. Thanks Youcef HILEM
Re: [Architecture] WSO2 IS : what are the differences between OpenID Connect & OAuth 2.0 federated authenticators
Hi Hasanthi, Yes I know that the password grant is supported. My question is: can I use the password grant with our third party IDP OAuth 2.0 [3] just integrated with [2].
[1] Federated Authentication - https://docs.wso2.com/display/IS530/Federated+Authentication
[2] Configuring OAuth2-OpenID Connect - https://docs.wso2.com/display/IS530/Configuring+OAuth2-OpenID+Connect
[3] IBM Security Access Manager 9.0.3.1 - OAuth 2.0 endpoints - https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.3.1/com.ibm.isam.doc/config/concept/OAuthEndpoints.html#oauthendpoints
Thanks Youcef HILEM
Re: [Architecture] WSO2 IS : what are the differences between OpenID Connect & OAuth 2.0 federated authenticators
Hi Hasanthi, Our third party OAuth2 server supports Authorization Code Grant and Password Grant. Authorization Code is very well explained (ex : http://nuwanzone.blogspot.fr/2015/10/getting-access-tokens-for-wso2-api.html). My question : Can we also use Password Grant ? Thanks Youcef HILEM
Re: [Architecture] WSO2 IS : what are the differences between OpenID Connect & OAuth 2.0 federated authenticators
Hi Hasanthi, Thank you for your response. The good news is that we can integrate our OAuth2 server. Thanks Youcef HILEM
[Architecture] WSO2 IS : what are the differences between OpenID Connect & OAuth 2.0 federated authenticators
Hi WSO2 IS Team, Can you please tell me what are the differences between OpenID Connect & OAuth 2.0 federated authenticators ? The links for these two authenticators [1] refer to the same component [2]. We have an OAuth2 server with these endpoints [3]. Can I use this connector [2] ? I do not know what to put for the two fields:
- OpenID Connect User ID Location
- Additional Query Parameters
Also there is no userinfo endpoint. And in this case how to get user attributes ? Should I use Introspect endpoint ? If so, then I must develop a specific authenticator for our case.
[1] Federated Authentication - https://docs.wso2.com/display/IS530/Federated+Authentication
[2] Configuring OAuth2-OpenID Connect - https://docs.wso2.com/display/IS530/Configuring+OAuth2-OpenID+Connect
[3] IBM Security Access Manager 9.0.3.1 - OAuth 2.0 endpoints - https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.3.1/com.ibm.isam.doc/config/concept/OAuthEndpoints.html#oauthendpoints
Thanks Youcef HILEM
Re: [Architecture] [APIM] Generating SDKs for APIs in API Manager Store
Hi Viduranga, Thank you very much for your response. In this case, I have to wait for the issue to be fixed. In the meantime, I will use maven or gradle for code generation. Thanks Youcef HILEM
Re: [Architecture] [APIM] Generating SDKs for APIs in API Manager Store
Hi all, How can I select a library (okhttp-gson, retrofit2, volley ) for Android target ? See : https://github.com/swagger-api/swagger-codegen/wiki/FAQ#how-can-i-generate-an-android-sdk Thanks, Youcef HILEM
Re: [Architecture] WSO2 API Manager as a Kafka Producer
Hi, Is it possible to call connector operations from APIM mediation sequence ? From what I have read and understood it must be possible :
- Each connector provides a set of operations, which you call from your proxy services, sequences, and APIs to interact with that product (https://docs.wso2.com/display/ESBCONNECTORS/WSO2+ESB+Connectors).
- Integrate this in api sequence : topicName partitionNo Value localhost:9093 org.apache.kafka.common.serialization.StringSerializer org.apache.kafka.common.serialization.StringSerializer SSL /home/hariprasath/Desktop/kafkaNewJira/certKafka/kafka.server.truststore.jks test1234 /home/hariprasath/Desktop/kafkaNewJira/certKafka/kafka.server.keystore.jks test1234 test1234
Which feature (s) do I need to install to make it work? It should be like datamapper (https://medium.com/working-with-wso2-products/how-to-install-datamapper-mediator-in-wso2-api-manager-2-1-0-5a2c07885e1d)
Thanks, Youcef HILEM
Re: [Architecture] WSO2 API Manager as a Kafka Producer
Hi, The story is to allow our agents equipped with Smartphones Android [1] to interface with the kafka message bus. I did not use the WSO2 EI option because I prefer to wait for APIM 3.0.0 with native kafka connector [2]
[1] http://wso2-oxygen-tank.10903.n7.nabble.com/APIM-AppAuth-Android-samples-tp152636.html
[2] https://groups.google.com/forum/#!topic/ballerina-dev/sdlf-z2E7eM https://docs.google.com/document/d/1TFkDVMLIUQKuYTsuR0-yj2qb85I2Rlsv0jyiuz5RBOE/edit
Thanks Youcef HILEM
[Architecture] WSO2 API Manager as a Kafka Producer
Hi, I want to use APIM as a kafka producer like "Pattern 1: WSO2 API Manager as a JMS Producerjms producer" [1] For this I'm looking for something simple to add kafka to [2] from the code [3].
[1] https://wso2.com/library/articles/2015/10/article-how-to-enable-wso2-api-manager-to-work-as-a-jms-producer/
[2] https://github.com/wso2/wso2-axis2-transports/tree/master/modules
[3] https://github.com/wso2-extensions/esb-connector-kafka
Thanks for your help. Youcef HILEM
Re: [Architecture] APIM & AppAuth-Android samples
Hi Prabath, Since I have to provide an example of using APIM from an Android mobile application, what do you think about adapting the following:
[1] - https://github.com/feedhenry/mobile-security-android-template
[2] - Create an implementation for APIM for (https://github.com/feedhenry/mobile-security-android-template/blob/master/app/src/main/java/com/feedhenry/securenativeandroidtemplate/features/authentication/providers/OpenIDAuthenticationProvider.java) like this (https://github.com/feedhenry/mobile-security-android-template/blob/master/app/src/main/java/com/feedhenry/securenativeandroidtemplate/features/authentication/providers/KeycloakAuthenticateProviderImpl.java)
[3] - Docs - https://github.com/feedhenry/mobile-security/blob/master/docs/mobileAuthOverview.adoc
Thanks, Youcef HILEM
Re: [Architecture] APIM & AppAuth-Android samples
Hi Pubudu, No, I don't test [1]. I looked at what is done in [2]. But I wait for the defect [3] to be solved.
[2] - cdmf-agent-android - https://github.com/wso2/cdmf-agent-android/blob/master/app-catalog/app/src/main/java/org/wso2/app/catalog/services/DynamicClientManager.java - https://github.com/wso2/cdmf-agent-android/tree/master/app-catalog/iDPProxy
[3] - https://github.com/wso2/cdmf-agent-android/issues/22
Thanks Youcef HILEM
[Architecture] APIM & AppAuth-Android samples
Hi, I am looking for examples of AppAuth-Android (https://github.com/openid/AppAuth-Android) use with APIM. Android-IDP-SDK (https://github.com/wso2-extensions/identity-agent-mobile-proxy-idp) doesn't meet our needs, especially for the limits stated in (https://wso2.com/library/articles/2014/07/sso-for-native-mobile-applications-with-wso2-identity-server/) : "The proposed solution can satisfy most of the enterprise requirements but there are still some possible advancements. A hardcoded client secret is not a good idea sometimes because someone can decompile the application and get the client secret. OpenID Connect spec dynamic client generation provides a solution to this problem. We are hoping to integrate OpenID Connect dynamic client generation in the upcoming versions of IDP SDK." See : OAuth 2.0 Best Practices for Native Apps (https://dzone.com/articles/oauth-20-best-practices-for-native-apps). Thanks Youcef HILEM
Re: [Architecture] [APIM 3.0.0] & [SP 4.0.0] siddhi-store-cassandra implementation
Hi Suho,

We use Cassandra in many modules. But in APIM 3.0.0 I don't see where we can use it outside the SP 4.0 module that is not yet available. That's why I asked the question.

Now, I have the answer: I plug the siddhi store on MySQL while waiting for the Cassandra implementation.

Thanks,
Youcef HILEM
[Architecture] [APIM 3.0.0] & [SP 4.0.0] siddhi-store-cassandra implementation
Hi,

I am studying the architecture of APIM 3.0.0 and I am preparing the qualification environment for this next release. Among the APIM 3.0.0 components, there is WSO2 APIM Data Analytics Server 3.0.0 that relies on SP.

My question: can we expect an implementation of siddhi-store-cassandra (https://github.com/wso2-extensions/siddhi-store-cassandra)?

Our future directions consist of using the NoSQL Cassandra database for these use cases. Our infrastructure is Cassandra ready.

Thanks,
Youcef HILEM
Re: [Architecture] Using Kubernetes ConfigMaps for Managing Product Configurations
    at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
    at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
    at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
    at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
    at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)
    at org.eclipse.equinox.http.servlet.internal.Activator.registerHttpService(Activator.java:81)
    at org.eclipse.equinox.http.servlet.internal.Activator.addProxyServlet(Activator.java:60)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.init(ProxyServlet.java:40)
    at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.init(DelegationServlet.java:38)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1269)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5368)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1571)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1561)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

Thanks,
Youcef HILEM
Re: [Architecture] Using Kubernetes ConfigMaps for Managing Product Configurations
Hi All,

Thank you all. A PR has just been submitted (https://github.com/wso2/kubernetes-apim/pull/27). I will be able to start testing on OpenShift 3.4.

With this flexibility I can really adapt easily and efficiently to our different constraints without the cumbersome need to create as many Docker images as before.

Thanks again.
Youcef HILEM
Re: [Architecture] APIM 2.1.0 - Distributed setup - Why there is two PODs (apim-pubstore-tm-1 & apim-pubstore-tm-2) instead of one POD (apim-pubstore-tm) with replication factor 2?
Hi Pubudu,

Apparently this is the same for the analytics module (https://github.com/wso2/kubernetes-apim/issues/10).

In this case and for my context (using OpenShift) I do not see the interest of this pattern-2: it's better to have:
- one POD for publisher-store with RF as needed (https://github.com/wso2/docker-apim/tree/master/docker-compose/pattern-6).
- two PODs tm-1 and tm-2 (http://wso2.com/library/articles/2016/10/article-scalable-traffic-manager-deployment-patterns-for-wso2-api-manager-part-1/)

Thanks,
Youcef HILEM
[Architecture] APIM 2.1.0 - Distributed setup - Why there is two PODs (apim-pubstore-tm-1 & apim-pubstore-tm-2) instead of one POD (apim-pubstore-tm) with replication factor 2?
Hi,

With APIM 2.1.0 distributed setup on OpenShift (https://github.com/wso2/kubernetes-apim/tree/2.1.0/pattern-2), why are there two PODs (apim-pubstore-tm-1 & apim-pubstore-tm-2) instead of one POD (apim-pubstore-tm) with replication factor 2?

I cannot see the difference between the two configurations: apim-pubstore-tm-1 & apim-pubstore-tm-2.

Thanks
Youcef HILEM
Re: [Architecture] Using Kubernetes ConfigMaps for Managing Product Configurations
Hi Imesh,

Our target architecture is validated.

<http://wso2-oxygen-tank.10903.n7.nabble.com/file/t1589/APIM-ARCH-00.png>
<http://wso2-oxygen-tank.10903.n7.nabble.com/file/t1589/APIM-ARCH-01.png>

*Production Environment*
Enterprise Integrator: Integration Profile - 2 - active/active
Enterprise Integrator: Analytics - 2 - active/active
API Manager: Gateway - 2 - active/active
API Manager: Key Manager - 2 - active/active
API Manager: Publisher/Store/Traffic Manager - 2 - active/active
API Analytics - 2 - active/active

*Pre Production*
Enterprise Integrator: Integration Profile - 1 - active
Enterprise Integrator: Analytics - 1 - active
API Manager: Gateway - 1 - active
API Manager: Key Manager - 1 - active
API Manager: Publisher/Store/Traffic Manager - 1 - active
API Analytics - 1 - active

And I have to quickly provide an environment to run the security audit. If you can now provide the first elements of this solution (*) for APIM 2.1.0 on OpenShift 3.4 and later, this will allow me to advance and get back to you this week.

(*): The plan is to add all config folders as configmaps and update the Dockerfile to include commands to copy those if available. As a result users will not need to re-build Docker images for adding any of the configurations.

Thanks,
Youcef HILEM
Re: [Architecture] Using Kubernetes ConfigMaps for Managing Product Configurations
Hi Imesh,

That's what I was looking for. Before this solution, to avoid creating as many Docker images as environments and components, and taking into account the current limit (https://github.com/wso2/kubernetes-apim/issues/15), I planned to use the solution (https://github.com/eleks/wso2-dockers).

I will start with APIM 2.1.0 (https://github.com/wso2/kubernetes-apim/tree/2.1.0).

Thanks,
Youcef HILEM
Re: [Architecture] WSO2 Identity Server 6.0.0-M2 Released !
Hi Farasath,

Thank you. It works.

Thanks
Youcef HILEM
--
View this message in context: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Identity-Server-6-0-0-M2-Released-tp146759p150839.html
Sent from the WSO2 Architecture mailing list archive at Nabble.com.
Re: [Architecture] WSO2 Identity Server 6.0.0-M2 Released !
Hi,

The documentation is not accessible. Login is required: https://accounts.internal.wso2.com/authenticationendpoint/login.do?RelayState=%2Fpages%2Fviewpage.action%3FspaceKey%3DIS600%26title%3DWSO2%2BIdentity%2BServer%2BDocumentation&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=1731ea6b-e26a-401f-9a73-d633d4da294e&relyingParty=https%3A%2F%2Fdocs.wso2.com%2Fplugins%2Fservlet%2Fsamlsso&type=samlsso&sp=Docssite&isSaaSApp=false&authenticators=WSO2InternalAuthenticator:LOCAL

--
View this message in context: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Identity-Server-6-0-0-M2-Released-tp146759p150742.html