We currently have WSO2 API Manager 2.6.0 and we have a requirement to add multi-factor authentication for our WSO2 API Manager. I have got the steps to add multi-factor authentication for WSO2 Identity Server from the official documentation (link given below). Can you clarify if the steps are the same for both Identity Server and API Manager? Can you also clarify whether we can implement these steps in WSO2 API Manager version 2.6.0?
I have referred to the link below for enabling MFA:
https://is.docs.wso2.com/en/latest/learn/configuring-sms-otp/
Out of the box, WSO2 API Manager doesn't support full-fledged identity capabilities. Therefore, if you want to secure your portals with MFA, it is recommended to configure an Identity Server as Key Manager with WSO2 API Manager.
Follow this documentation to configure WSO2 Identity Server as Key Manager with WSO2 API Manager v2.6.0.
Related
In API Manager, I pass APIs in API Manager with respective services. Also, after reading the documentation of API Manager version 3.0.0 (https://apim.docs.wso2.com/en/latest/GettingStarted/overview/), I know that in the Publisher there exists an ESB. Also, in my case I work with these cases, which I think are part of the ESB:
WSO2 OAuth Mediator (JAR).
JSON file by WSO2 OAuth Mediator, with endpoints referring to the APIs I'm consuming.
In the Publisher page I add custom policies in the request or response.
But there is WSO2 Enterprise Integrator (EI) version 6.6.0, and this component has an ESB.
My questions are:
In my case, am I really working with an ESB?
How do I integrate API Manager with EI?
The WSO2 API Manager gateway is built on top of the Synapse engine, which is the same engine used in WSO2 EI (ESB). Using API Manager you can do simple mediation. But if you want to do any complex mediation, then you should use EI (ESB) along with API Manager.
Can someone please clarify when to use API Manager and when to use Identity Server? I see that API Manager comes with Key Manager. Isn't that sufficient? I am really confused. Any help would be helpful.
Many thanks....
I hope this explanation will help you out.
WSO2 Identity Server
WSO2 Identity Server is a fully fledged Identity Management Solution which supports Authentication, Authorization, Single Sign-On and Identity Federation, to name a few capabilities. WSO2 Identity Server supports almost all major identity protocols such as SAML, OAuth2, OpenID Connect etc. Take a look at this page to get an idea about the capabilities of WSO2 Identity Server.
WSO2 API Manager
WSO2 API Manager, on the other hand, focuses on managing your APIs. Managing life cycle of your APIs, Authorization, Throttling, applying policies on API consumers are some of the functionalities handled by API manager. API manager has several components such as publisher, store, gateway, key manager, traffic manager that clearly separates different aspects of API Management.
So the Key Manager component is responsible for managing OAuth applications and for generating, validating and revoking OAuth2 tokens. API has an inbuilt key manager component to handle these functionalities.
API Manager also offers the flexibility to use an external key manager instead of its inbuilt one should you require to do so. This external key manager needs to conform to an interface specified by API Manager. By default, API has an implementation of this interface that allows WSO2 Identity Server to be used as an external key manager.
So whether or not you want to use Identity Server or any other external key manager is totally dependent on your use case and the API traffic.
You can use WSO2 Identity Server for all the authentication/authorization stuff:
XACML Architecture solution.
SSO with other webapps or WSO2 tools.
Implement an OAuth2 authorization mechanism
Federate authentication
etc....
You can use WSO2 API Manager to expose unsecured RESTful APIs or web services as secure APIs using OAuth, with monitoring and billing functionalities.
The key manager functionality properly decouples the operations for creating OAuth applications and validating access tokens so that you can even plug in a third-party authorization server for key validations.
In a DEV environment you can work with WSO2 API Manager without the WSO2 Identity Server at all.
In a production environment it's recommended to use a separate WSO2 API Manager as a Key Manager or use the WSO2 Identity Server as the Key Manager.
Which inbuilt key manager does WSO2 API Manager use for managing access tokens? Is WSO2 Identity Server built within API Manager?
I know that we can configure a third-party key manager (with a different database) with WSO2 API Manager, but I am not sure what the default key manager used in the API Manager is.
Yes, WSO2 Identity Server features are installed within API Manager. And if you have a WSO2 Identity Server node running separately, it can also act as the key manager.
I am new to WSO2 API Manager and Identity Server. I have one requirement: to use customized OAuth 2.0 in WSO2 IS with WSO2 API Manager. Could you please let me know if there are any samples or examples for this requirement.
You can register your custom OAuth provider as an IDP in WSO2 Identity Server. You can refer to this blog, [Federated Authentication] OpenID-Connect IDP with WSO2 Identity Server, on how to do that.
WSO2 API Manager doesn't support this. So you have to combine WSO2 Identity Server with API Manager (Identity Server as Key Manager with API Manager).
Does WSO2 support a use case wherein it's a SAML service provider instead of being an identity provider?
I want to do a sample use case where WSO2 is the identity provider and another instance is a service provider. Is it possible to use WSO2 as a service provider?
Yes, it is possible, because the WSO2 Carbon product has an authentication framework into which we can plug any authenticators. There is a SAML2 SSO authenticator (relying party) that can be plugged into the Carbon server. You can find more details about it in the WSO2 documentation here.