使用WSO2 IS保护RESTful API
[英]Securing RESTful APIs using WSO2 IS
问题描述
I'm developing a number of RESTful API's and they are consumed by another web applications. 
我正在开发许多RESTful API,它们已被另一个Web应用程序使用。
- What is the most secure protocol (SAML2 or oAuth2) for use in this scenario ? 在这种情况下使用的最安全的协议(SAML2或oAuth2)是什么?
- What is the best approach to secure RESTful web services using WSO2 Identity Server ? 使用WSO2 Identity Server保护RESTful Web服务的最佳方法是什么?
1 个解决方案
解决方案1
0 2016-01-20 05:53:42
First differentiate OAuth and SAML, its not about what is more secure but what is most suitable for your scenario. 首先区分OAuth和SAML,其重点不是什么更安全,而是最适合您的方案。 SAML is mainly used if you need to have SSO (Single Sign On), Federation and Identity Management. 如果需要SSO(单点登录),联合身份验证和身份管理,则主要使用SAML。 OAuth is a authorization resource standard [1]. OAuth是授权资源标准[1]。
You can simply secure REST APIs by using only WSO2 APIM which has OAuth out of box. 您只需使用开箱即用的OAuth的WSO2 APIM即可简单地保护REST API。 You can easily follow APIM Quick Start guide and setup it [2]. 您可以轻松地按照APIM快速入门指南进行设置[2]。 If you need to achieve more requirements like SSO and federation, you need to integrate WSO2 IS [3] 如果您需要实现SSO和联合身份验证等更多要求,则需要集成WSO2 IS [3]
[1] https://dzone.com/articles/saml-versus-oauth-which-one [1] https://dzone.com/articles/saml-versus-oauth-which-one
[2] https://docs.wso2.com/display/AM1100/Quick+Start+Guide [2] https://docs.wso2.com/display/AM1100/Quick+Start+Guide
[3] https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.1.0+as+a+Key+Manager+with+API+Manager+1.10.0 [3] https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.1.0+as+a+Key+Manager+with+API+Manager+1.10.0
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.