Apigee integration options with Identity Providers (like Ping, ForgeRock and others)

Ping-Identity as OAuth Provider:

Option 1: Ping-Identity is the system of record for Dev, App, Token and Consent data. Apigee calls out to Ping-Identity to validate tokens and apps at runtime.

Option 2: Ping-Identity’s Dev, App, Token and Consent data is synchronously synced with Apigee OAuth. Apigee OAuth capabilities are used at runtime.

Apigee as OAuth Provider:

–Apigee is the system of record for Dev/App/Token and uses Ping-Identity as IDP for end-user authentication and authorization.

–Complete Apigee OAuth solution end to end. Authentication, Authorization and Consent management.

Ping Identity as OAuth Provider – Option 1

Pros:

•Enable integration with Ping Identity OAuth.

•Reuse all existing Ping Identity setup as it is.

Cons:

•Lose Apigee Developer and App Ecosystem capabilities.

–API Product bundling and access control.

–Developer Quota management.

–Ability to manage Developer and App using Mgmt UI.

•Lose Apigee Analytics capabilities around OAuth and reduce or eliminate Apigee’s visibility into the end-user identity. This impacts the customer’s ability to track end-user activities for business intelligence, predictive analytics, etc.

•Negative impact on runtime API performance and latency, as the Apigee gateway needs to make service callouts to Ping Identity to validate access tokens and load attributes.

•Custom Apigee DevPortal integration with Ping Identity
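
The Option 1 runtime check, sketched as an added example (not from the original article, and not Apigee or Ping Identity code): the gateway sends each bearer token to the IdP and denies the request on any error. It assumes the IdP returns an RFC 7662-style introspection response; `introspect`, `authorize`, `calloutCount` and the token table are hypothetical names with constructed data.

```javascript
// Constructed sample data standing in for the IdP's token store.
const IDP_TOKENS = new Map([
  ["tok-good", { active: true, client_id: "app-1", scope: "orders.read", exp: 2000, sub: "alice" }],
  ["tok-expired", { active: true, client_id: "app-1", scope: "orders.read", exp: 900, sub: "alice" }],
  ["tok-revoked", { active: false }],
]);

let calloutCount = 0; // round trips to the IdP; Option 1 pays one per API request

// Hypothetical stand-in for the HTTPS introspection call to the IdP.
// Returns an RFC 7662-shaped object, or throws when the IdP is unreachable.
function introspect(token, idpUp) {
  calloutCount += 1;
  if (!idpUp) throw new Error("IdP unreachable");
  return IDP_TOKENS.get(token) || { active: false };
}

// Gateway decision for one request. Every error path denies (fail closed).
// `now` is in seconds since the epoch, like the `exp` field.
function authorize(authorizationHeader, requiredScope, now, idpUp = true) {
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(authorizationHeader || "");
  if (!m) return { allow: false, status: 401, reason: "malformed_bearer" };

  let info;
  try {
    info = introspect(m[1], idpUp);
  } catch (err) {
    // Never let traffic through because the token could not be checked.
    return { allow: false, status: 503, reason: "idp_unavailable" };
  }
  if (info.active !== true) return { allow: false, status: 401, reason: "inactive_token" };
  // Policy choice in this sketch: a response without a numeric exp is rejected.
  if (typeof info.exp !== "number" || info.exp <= now) {
    return { allow: false, status: 401, reason: "expired_token" };
  }
  const scopes = String(info.scope || "").split(" ");
  if (!scopes.includes(requiredScope)) {
    return { allow: false, status: 403, reason: "insufficient_scope" };
  }
  // Attributes loaded from the IdP, available to later policies and analytics.
  return { allow: true, status: 200, clientId: info.client_id, endUser: info.sub };
}
```

`calloutCount` grows by one for every well-formed request, which is the per-request latency cost listed under Cons.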

Ping Identity as OAuth Provider - Option 2 (Sync)

Pros:

•Use Ping Identity OAuth.

•Enables Apigee Developer and App ecosystem capabilities.

•Use Apigee OAuth policies.

•Enable Apigee OAuth analytics.

Cons:

•Complex design.

•Additional development cost.

•Troubleshooting complexity.

•Custom Apigee DevPortal integration with Ping Identity

Apigee OAuth integration with Ping Identity IDP (Recommended Option)


Pros:

•Apigee integrates with Ping Identity.

•Enables Apigee Developer and App ecosystem.

•Enables Apigee OAuth Analytics.

•Apigee’s standard development and integration pattern.

•Ready integration with Apigee’s DevPortal.

•No impact on performance or latency.

•No development overhead as we can leverage built-in OAuth policies.

Cons:

•NA

Comments
david_ryan
New Member

Is there any more information, documentation or samples for the recommended option above?

Not applicable

@Vinit Mehta

Are any samples available for the above approach?

Not applicable

Thanks for sharing. Is there any detailed documentation for the recommended flow which might answer specific questions like:

  • What kind of tokens can be issued by PING? - Self-contained / Opaque
  • Can PING provide the secret along with Client ID as part of Developer App registration?
sidd-harth
Bronze 1

Hi @Ramakrishna Kalivarapu, please create a new question by clicking Ask a Question option.

Version history
Last update: 08-16-2016 02:19 PM