Sending client authentication information to backend services

Hi!

 

We are currently using Access Manager in front of our REST services. We use it mainly to provide OAuth authentication, but one of Access Manager's functions is also to provide authenticated user information to backend REST services (they are hidden behind Access Gateway).

This is done by injecting the user's LDAP attributes (stored in an OAuth claim) into the HTTP request header using an Access Manager identity injection policy. Those headers are then parsed by the backend REST services to provide the proper response.

 

Now back to Secure API Manager.

I have not installed the product and have only read the documentation. I really like the possibilities that API Gateway could give us, but I haven't noticed that API Gateway has a way to pass information from the OAuth token to backend REST services.

Is there a way to do that?

 

Thanks for your answers and kind regards,

Sebastijan


Labels:

Secure API Manager
Parents
  • 0

    Secure API Manager API Gateway can surely pass through an OAuth token, but today it does not have the ability to inject the LDAP attributes like you are doing with Access Gateway. Access Gateway, as you know, could pass through an OAuth token to the backend API services if required. API Gateway can front end Access Gateway (if you need additional API Gateway capabilities), but it looks like Access Gateway should be sufficient for your need.

    Gireesh Kumar

    Sr. Product Manager - IAM

Children
  • 0   in reply to 

    Hi Gireesh!

    Thanks for the explanation. The customer is looking at SAPIM because they need rate limiting/throttling. But since NAM 5.0 supports unencrypted tokens (without specifying a specific resource server), the customer might ditch identity injection and just extract info from the token passed to the backend application.

    Kind regards, Sebastijan
