Hi all, can you please confirm that Apigee Edge 4.17.05 supports the following list of features?
1 – policy / feature to validate a SAML assertion signed with algorithm SHA-256
2 – policy / feature to validate a JSON Web Token signed with algorithm SHA-256
3 – policy / feature to generate a user bearer access token (in the DB have to be stored the OAuth2 bearer token, the subject present in the SAML assertion / JWT, the scope defined in the request, and the refresh token)
4 – policy / feature to generate an application token (not linked to a specific user)
5 – policy to enable forwarding of user attributes as HTTP headers to the final back end. The user attributes have to be retrieved from Active Directory using as common name the subject linked to the bearer access token
6 – policy / feature to revoke / invalidate the bearer access token
7 – possibility to publish SOAP endpoints exposing them as REST (possibility to configure sequence IN – sequence OUT mediation)
8 – possibility to add custom attributes on the organization (in order to retrieve them when an API is invoked by using the application token)
Thanks
Cosimo
Item #1: Yes. See link here: http://docs.apigee.com/api-services/reference/saml-assertion-policy
Item #2: Yes, with a javascript or javacallout. See this: https://github.com/apigee/iloveapis2015-jwt-jwe-jws
Item #4: Yes, with a client credentials grant.
Item #6: http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/oauth2/revoke
Item #7: Yes, there is a wizard. See here: https://community.apigee.com/articles/18200/tutorial-convert-your-web-service-from-soap-to-res.html
Hi @Srinandan Sridhar, many thanks for your time and answers. Any suggestion in order to address the other points?
Thank you
Best Regards
Cosimo
Item #8: If I understand the question right, then yes, you can add custom attributes to OAuth tokens. When the token is validated, these custom attributes are accessible to the API Proxy (to make further decisions). See more here: http://docs.apigee.com/api-services/reference/set-oauth-v2-info-policy
Item #5: Yes, this is possible. The LDAP Policy (http://docs.apigee.com/api-services/reference/ldap-policy) will allow you to search AD. You can then use something like an "Assign Message" policy to set custom HTTP Headers.
Hi @Srinandan Sridhar, is it possible to use the LDAP Policy without the password, using only the username?