I have a requirement where I need to develop a microservice and secure the service using an enterprise IAM solution.
But I am very much confused now if at all IAM will solve my purpose or not.
As I have understood going through various articles, that IAM is for authorizing cloud resources.
But I need to authorize a user to allow accessing the external microservice api.
What do I need here for the solution? Is IAM alone sufficient for the authentication purpose?
If not please suggest in brief what I should look for.
Any hints on the Google cloud or IBM cloud will be very helpful. Thanks in advance.
I would use Google Oauth for this problem. I also believe IAM won't solve your problem.
Related
I'm looking to set up a SAML using OneLogin. I would like to authenticate using OneLogin's python package python3-saml or onelogin and then connect to Google API using googleapiclient.
As of now, I couldn't find any documentation on how to go about this.
Does anyone have any example they can share with me on achieving this type of authentication or provide me some useful links to read up on this topic?
Thank you very much!!
I am fairly new to GCP and Apigee both. I currently have a Node.js application on App Engine that has one simple GET endpoint.
For my use case I want people to access the endpoint through an Apigee Edge proxy and make the App Engine endpoint not accessible to anybody else.
I’ve read that one-way or two-way SSL might be the solution, but I’m fairly new to this and was wondering if you you could provide me with some directions. Thank you greatly! 😃
Searching about it, it seems that using mTLS is the best option for you to secure your App Engine with Apigee - as per the Apigee Community on this post.
I would recommend you to take a look at the mTLS documentation and you can check the documentation API Management Platform for more information about Apigee as well.
Let me know if the information helped you!
First of all, I apologize in advance for my naïveté on the topic.
I am trying to create a few microservices that are exposed using an API gateway. A few of these services will need credentials from Google account to access Google Calendar/Gmail etc.. is there any way for a user to only have to login once so that the credentials are all shared between the services? Or should only one service be facing the Google services with credentials?
It seems possible, you can ask a user to authenticate and authorize all permissions your application will need, all at once. But think about the user, when an application requires to access gmail, hangouts, photos, camera, etc. at once, the user normally disbelieve the application. So, the recommended approach is asking for the specific permission when the application requires it so that the user can realize each action you app do.
There exist many different ways to address your question depending on details, however the following link can help you to know where to start:
This link (Google Sign-in) has a wide context on all the Identity mechanisms to look for the most appropriate for you.
This another one explain all possible Identity mechanisms for specific use cases.
This authentication example for Google Calendar is useful, but this post explain how microservices authentication and authorization was solved.
Currently all users of my web application are authenticated against stormpath. From now on, that web application will need to consume a rest api hosted on Apigee. Here start my doubts.
Apigee grants access to API through oauth2.0. That's great. However i'd like to know wheter I'll be able to keep the current webapp authentication in Stormpath service or not. I'm not an expert in Oauth. Thus, I'm not sure if it's feasible to authenticate in Stormpath and thereafter ask for an AccessToken in Apigee. The WebApplication will have the client credential in order to ask for Access Tokens.
Being straigthforward: Could user be authenticated in a third party service and still get an Oauth Access Token to a Rest API hosted in Apigee ??
Thanks a lot.
Yo #blackjack,
Just a heads up, but Stormpath does support API authentication (via OAuth). If you're using them already, it should be a piece of cake to get working =)
Well, I got no answers. It's better not choosing Apigee, I think. No community support. I'll move on.
Thanks anyway.
Anyone know of a service oriented membership provider / service? I’m looking for a hosted solution that provides user registration and authentication services. Basically I don’t want to deal with managing user credentials for my applications. I’d rather leave that to a service that specializes in that. Anything like that out there?
Well, you can just use OpenId: http://openid.net/
OpenID or Facebook Connect suitable for your project?