Testing Identity Management systems
Most corporations deploy LDAP servers such as OpenLDAP to store identities used for SSO and API identity management. Application users authenticate against these LDAP servers to gain access to APIs. To avoid an intrusive, non-scalable agent-based model — where every application installs and manages an agent for authentication and authorization — enterprises generally opt for a centralized model by deploying API gateways. In this tutorial, you will learn how to use an LDAP server along with Forum Sentry API Gateway to enable access control of your APIs.
This tutorial builds on Using HTTP Basic Auth for API Identity Management in which we show how to lock an API via on-board user identities. By connecting Forum Sentry to an LDAP server — Online LDAP Test Server — we enable off-board user identity management while alleviating the burden from individual applications to code their own access control.
Navigate to ACCESS–>LDAP. As shown in the screenshot above, Forum Sentry API Gateway can easily be integrated with an LDAP server by providing connectivity information and specifying the Root DN. The User/group context can be selected to bind to a specific group of users. For example, in the Online LDAP Test Server, you can bind to Root DN: ou=scientists, dn=example, dn=com by selecting the Group containing users context shown in the screenshot above.
To enable off-board user access to managed APIs, navigate to ACCESS –> User ACLs. Select TestACLWide and select the new LDAP policy to add all users in the LDAP server to this ACL. Wherever the ACL policy TestACLWide is used to lock down API resources, the users stored in the LDAP server now have access to those resources. Note that a hybrid model of on-board and off-board users is readily configured by simply adding the LDAP policy to the ACL group. Additional identity stores, including RSA SecurID, Kerberos, SiteMinder and PingFederate, can similarly be added to an ACL. This model of using an API gateway removes the need for direct code-level integration with single identity stores and enables significant management, performance and maintenance advantages compared to agent-based identity solutions.
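The credential check that a gateway takes over from each application looks roughly like the following added example, which is not Forum Sentry's code or configuration. It turns an HTTP Basic `Authorization` header into the arguments of an LDAP simple bind, escaping the username for use in a DN and refusing empty passwords; the base DN, the `uid` attribute and the sample credentials in the test are constructed placeholders.

```python
import base64
import binascii

# Constructed placeholder values, not taken from the tutorial or the product.
BASE_DN = "ou=people,dc=example,dc=org"
USER_ATTR = "uid"

_SPECIALS = '\\,+"<>;'  # characters RFC 4514 requires escaping anywhere in a value


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")  # a leading '#' would mark a hex-encoded value
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")  # leading and trailing spaces must be escaped
        else:
            out.append(ch)
    return "".join(out)


def bind_request_from_header(header: str):
    """Return (bind_dn, password) for a simple bind, or None to reject."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2) that a server may answer with success,
    # so it must never reach the directory as a login attempt.
    if not sep or not user or not password:
        return None
    return f"{USER_ATTR}={escape_rdn_value(user)},{BASE_DN}", password
```

Performing this check once at the gateway means the escaping and the empty-password rule are applied uniformly to every API behind the ACL.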