Can we use OAuth 2.0 in Azure API Management without using AAD?
We have created our Authentication server for OAuth 2.0 implementation.
If you build your client applications to talk directly to your OAuth2 server to obtain the JWT token, API Management can validate that JWT token before allowing access to your API. You can do this using the validate-jwt policy, which looks like this if your OAuth server supports OpenID configuration:
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <openid-config url="https://{Your OAuth Server}/.well-known/openid-configuration" />
    <required-claims>
        <claim name="id" match="all">
            <value>insert claim here</value>
        </claim>
    </required-claims>
</validate-jwt>
More examples of how to use this policy can be found here
Yes, there is no requirement to use AAD; any OAuth 2.0 server should work.
Related
I would like to integrate Foundry with the central API gateway of our organisation.
Access of the gateway should be granted via OAuth2 via the "Third Party Applications" functionality of Foundry.
Now I am facing the problem that our API Gateway only supports the Client Credential Flow, in which no Authorization Token is used but only the Access Token. Is there a possibility to make Foundry follow the simplified flow w/o Auth token?
Foundry supports the OAuth2 Authorization Code grant which provides delegated access to Foundry resources and services.
Support for the OAuth2 Client Credentials grant, which allows service user access, is under limited release with a few customers. If it’s not available for you please reach out through your internal support channels. A general release is expected early this spring, I'll try and update here if that timeframe slips.
I'm trying to authenticate Azure App Configuration Service with access keys in APIM policies.
Can someone help with how we can authenticate Azure App Configuration Service using access keys in APIM policies?
You will need to implement the HMAC authentication as explained in the document below. There are code samples in a variety of languages in that doc too.
https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-hmac
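The signing computation that a policy (or any other client) has to reproduce for App Configuration's HMAC scheme, as an added Python example that is not from the original answer or from Microsoft's samples. The function names, the key id, the secret, the `example.azconfig.io` host and the request path are constructed placeholders.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

SIGNED_HEADERS = "x-ms-date;host;x-ms-content-sha256"
# Constructed sample secret, not a real access key. Real secrets are base64 text.
SAMPLE_SECRET_B64 = base64.b64encode(b"constructed-demo-secret").decode()

def content_hash(body: bytes) -> str:
    """Base64 SHA-256 of the body; the header is required even for an empty body."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def _signature(secret_b64, method, path_and_query, date, host, body_hash):
    # String-To-Sign: METHOD, path and query, then the signed header values
    # joined with ';' in the same order as SIGNED_HEADERS.
    string_to_sign = f"{method.upper()}\n{path_and_query}\n{date};{host};{body_hash}"
    key = base64.b64decode(secret_b64, validate=True)  # the HMAC key is the decoded secret
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def sign_request(credential, secret_b64, method, host, path_and_query, body=b"", date=None):
    """Return the headers to attach to the outgoing request."""
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    body_hash = content_hash(body)
    sig = _signature(secret_b64, method, path_and_query, date, host, body_hash)
    return {
        "Host": host,
        "x-ms-date": date,
        "x-ms-content-sha256": body_hash,
        "Authorization": f"HMAC-SHA256 Credential={credential}"
                         f"&SignedHeaders={SIGNED_HEADERS}&Signature={sig}",
    }

def signature_matches(headers, secret_b64, method, path_and_query, body=b""):
    """Recompute the signature over what was actually sent (constant-time compare)."""
    if headers["x-ms-content-sha256"] != content_hash(body):
        return False
    sent = headers["Authorization"].rsplit("&Signature=", 1)[1]
    expected = _signature(secret_b64, method, path_and_query, headers["x-ms-date"],
                          headers["Host"], headers["x-ms-content-sha256"])
    return hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    # Placeholder store host and key id; the path is a constructed sample.
    h = sign_request("constructed-key-id", SAMPLE_SECRET_B64, "GET",
                     "example.azconfig.io", "/kv?api-version=1.0")
    print(h["Authorization"], signature_matches(h, SAMPLE_SECRET_B64, "GET", "/kv?api-version=1.0"))
```

The signature covers the method, the path with its query string, the date, the host and the body hash, so changing any of them after signing invalidates the request. In APIM the access key would normally be held in a secret named value instead of being written into the policy.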
Our EWS managed API application is currently using basic authentication with service account.
We are planning to change it to use OAuth authentication because basic authentication won't work in 2020.
Will OAuth work with a Windows service in which there will be no user interaction? Can we use an OAuth token from Azure AD when making EWS requests to read, update and delete a user's calendar for on-prem Exchange Server and Exchange Online?
OAuth will work with a Windows service, using client credentials flow, AKA two-legged OAuth. Until Exchange 2019 appears, you can only do this with Exchange Online and Azure AD tokens.
One other thing: not only won't Basic Auth work in 2020, but I believe all of EWS will be deprecated in lieu of the Graph API by 2020.
Can we authenticate against OpenShift Enterprise 3.2 or 3.3 REST APIs using username and password instead of tokens?
Thanks much in advance!
As stated in the OpenShift documentation:
Requests to the OpenShift Container Platform API are authenticated using the following methods:
- OAuth Access Tokens
  - Obtained from the OpenShift Container Platform OAuth server using the /oauth/authorize and /oauth/token endpoints.
  - Sent as an Authorization: Bearer… header or an access_token=… query parameter.
- X.509 Client Certificates
  - Requires an HTTPS connection to the API server.
  - Verified by the API server against a trusted certificate authority bundle.
So you need to authenticate using either of these ways.
We are using WSO2 API Manager as a gateway to route requests to backend. We have a requirement to verify user credentials and authorization by making a call to Oracle Identity Manager and Oracle Access Manager before making the call to the backend.
I have read the external LDAP user store configuration. But my client's enterprise is using Oracle identity management for user and access management.
How can this be done in WSO2 API Manager?
With the current version of API-M, which is 1.8.0, we cannot add an external Identity Manager as the OAuth server for API Authorization. This sort of integration will be possible with the next release of WSO2 API Manager, which is 1.9.0.
However, you can integrate an external Identity Provider for user authentication by leveraging the capabilities of WSO2 Identity Server. You could integrate WSO2 API Manager with WSO2 Identity Server and use that for SSO and integrate with an external IDP. Please read this blog on how to achieve that.