stackoom
  简体   繁体   中英

WSO2 - Identity Server and API Manager working together

 原文  2013-01-20 22:46:44       api/ wso2/ wso2is/ wso2-am

Question

I'm evaluating WSO2 Identity Server and WSO2 API Manager.

I registered an API and an application on API Manager. I can call the resources successfully.

I could also add an user into Identity Server and log into that using oAuth authentication.

But, it's not too clear how I can use those two systems together. I would like to use API Manager to expose my API's to some applications. And, I would like to use Identity Server to log the final user. Is that possible? How can I "plug" those two systems?

I am not sure if that's the best way to do that, so, please, advice me.

Thanks

3 answers

solution1
 2  2016-01-20 17:24:21

According to my understanding of your use case is you need to expose the API's securely. So you need to used WSO2 Identity Server and WSO2 API Manger. In addition to that you need the best approach for above use case. With above two product we have below two option.

  1. Configuring WSO2 Identity Server as the Key Manager in WSO2 API Manager (This link gives a different version combination of both products)

    Here we need to add key manger feature to the WSO2 IS.

  2. Configuring the Pre-Packaged Identity Server 5.0.0 with API Manager 1.9.0

In here 1st option have manual configurations. But,2nd option minimized the manual configuration.

solution2
 0  2013-01-24 05:29:48

The purpose of using the Identity Server is not too clear. Is it to separate the authentication/authorization from the API Manager instance?

By default API Manager is shipped with a Key Management Server component that is responsible for all security and key related operations.This can be configured to authenticate users against a defined user store or multiple user stores. Authorization is based on oAuth 2.0. However, in a production deployment, we recommend that this component is deployed as a separate server instance so that it runs as an external Key Management Server.

This is done by simply using another copy of the API Manager distribution and configuring it as a Key Manager server node.

Hope this helps.

Regards, Gillian

solution3
 0  2016-07-11 15:10:16

My understanding is,

  • if you wanted to use WSO2 API manager (AM) as an API gateway, you don't need a separate IS as AM included an IS engine with security mechanism included such as key manager.

  • If you need single sign on across all AM components, and you do NOT have other identity provider (IdP), you need a aeparate IS

  • However, if you do have a separate IdP, you don't need to install an IS server to implement SSO for AM, although the documentation from IS may suggest you do so. For example, a successful SSO implementation has been done with PingFederate/PingIdentity. See How to integrate WSO2 API Manager (AM) 1.10.0 with PingFederate SAML 2.0?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question oAuth2 - WSO2 API Manager and Identity Server Integration WSO2 api manager with keycloak auth server What exactly is the difference between “WSO2 API Manager” and “WSO2 Data Analytics Server” and “WSO2 Application Server”? Authentication with WSO2 API Manager WSO2 Identity Server managing users and roles through API Cannot access statistics - WSO2 API Manager and WSO2 BAM WSO2 API Manager API WSDL Integrated Rest API to wso2 API manager WSO2 API Manager Log creating an API Publish existing API in WSO2 API Manager
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM