
List:       wsas-java-dev
Subject:    Re: [Dev] Support multiple jwt issuers in the microgateway
From:       Rajith Roshan <rajithr () wso2 ! com>
Date:       2019-12-16 4:40:04
Message-ID: CAL=cp-cRH43qVJ5Mnr8XeSrBfZ0gGhx-pV5dyiuZiMCT7vauzA () mail ! gmail ! com

On Fri, Dec 13, 2019 at 10:02 PM Harsha Kumara <harshak@wso2.com> wrote:

>
>
> On Fri, Dec 13, 2019 at 12:30 PM Rajith Roshan <rajithr@wso2.com> wrote:
>
>> Hi all,
>> In microgateway 3.0.2 version we only support jwt tokens issued by a
>> single issuer. (The current config [1]). But there can be use cases where
>> microgateways need to support jwts issued by multiple issuers (STS).
>> So we are planning to support the multiple issuers with jballerina update
>> of the microgateway. For each new issuer defined in the config,
>> authentication handler will be registered during the mgw startup and each
>> token will be validated by each handler until the correct handler is found
>> for that particular issuer of the token.
>> We are planning to extend the configuration as below [2].
>> Ideally the config should look like [3]. But in ballerina right now there
>> is a limitation in the config API in order to read the array objects from
>> the toml files.
>> Please find the github issue [4].
>> Please share your thoughts about this.
>>
> Looks fine till we get this fixed from ballerina. But this will involve
> a migration when it's fixed. How soon can we get this fixed from
> ballerina and proceed with the [3]?
>
Seems like this will be available [1] in ballerina 1.1.1. I think we can use
the array functionality once it is available. @Pubudu Fernando
<pubuduf@wso2.com> is there any rough date when this would be available?

[1] -
https://github.com/ballerina-platform/ballerina-lang/issues/10633#issuecomment-565413239

>
>> [1] -
>> [jwtTokenConfig]
>> issuer="https://localhost:9443/oauth2/token"
>> audience="http://org.wso2.apimgt/gateway"
>> certificateAlias="wso2apim"
>>
>> [2]
>> [jwtTokenConfig]
>> issuer="https://localhost:9443/oauth2/token"
>> audience="http://org.wso2.apimgt/gateway"
>> certificateAlias="wso2apim"
>>
>> [jwtTokenConfig1]
>> issuer="issuer1"
>> audience="aud1"
>> certificateAlias="alias1"
>>
>> [jwtTokenConfig2]
>> issuer="issuer2"
>> audience="aud2"
>> certificateAlias="alias2"
>>
>> [3]
>> [[jwtTokenConfig]]
>> issuer="https://localhost:9443/oauth2/token"
>> audience="http://org.wso2.apimgt/gateway"
>> certificateAlias="wso2apim"
>>
>> [[jwtTokenConfig]]
>> issuer="issuer1"
>> audience="aud1"
>> certificateAlias="alias1"
>>
>> [[jwtTokenConfig]]
>> issuer="issuer2"
>> audience="aud2"
>> certificateAlias="alias2"
>>
>> [4] - https://github.com/wso2/product-microgateway/issues/271
>>
>> Thanks!
>> Rajith
>> --
>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-717-064-214 |  (e) rajithr@wso2.com <shenavi@wso2.com>
>> blog: http://www.rajithr.com
>>
>> <https://wso2.com/signature>
>>
>
>
> --
>
> *Harsha Kumara*
>
> Technical Lead, WSO2 Inc.
> Mobile: +94775505618
> Email: harshak@wso2.coim
> Blog: harshcreationz.blogspot.com
>
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business
>


-- 
*Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
(m) +94-717-064-214 |  (e) rajithr@wso2.com <shenavi@wso2.com>
blog: http://www.rajithr.com

<https://wso2.com/signature>
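
Added example, not part of the original thread and not the microgateway's own code: a Python illustration of the per-issuer handling described in the first message, where each configured issuer gets its own handler and a token is accepted only by the handler whose issuer matches its `iss` claim, using that issuer's key and audience alone. Assumptions: HS256 shared secrets stand in for the certificates behind certificateAlias so the block runs on the standard library, tokens are taken to be unexpired, and the names ISSUERS, sign and validate are hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed trust list mirroring layout [3]; "secret" is an assumed stand-in
# for the certificate that certificateAlias would resolve to in a truststore.
ISSUERS = [
    {"issuer": "https://localhost:9443/oauth2/token",
     "audience": "http://org.wso2.apimgt/gateway", "secret": b"key-wso2apim"},
    {"issuer": "issuer1", "audience": "aud1", "secret": b"key-alias1"},
    {"issuer": "issuer2", "audience": "aud2", "secret": b"key-alias2"},
]

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 test token."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def validate(token: str, issuers=ISSUERS):
    """Return the claims if the token's own issuer entry accepts it, else None."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        given = _unb64(sig)
    except (ValueError, TypeError):
        return None                        # malformed token
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":
        return None                        # algorithm is pinned, not header-chosen
    for cfg in issuers:                    # handlers are tried in config order
        if claims.get("iss") != cfg["issuer"]:
            continue                       # not this handler's issuer
        want = hmac.new(cfg["secret"], f"{head}.{body}".encode(),
                        hashlib.sha256).digest()
        aud = claims.get("aud")
        auds = aud if isinstance(aud, list) else [aud]
        if hmac.compare_digest(want, given) and cfg["audience"] in auds:
            return claims
        return None                        # issuer matched but checks failed: stop
    return None                            # issuer not in the trust list
```

The `iss` claim only selects which entry to check against; a token signed with one issuer's key but naming another issuer is rejected because the key, audience and issuer are always taken from the same entry.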




