This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Apigee features on Edge 4.17.05

Posted on 06-06-2017 09:21 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi all , can you please confirm that APigee Edge 4.17.05 supports the following list of features?

1 – policy / feature to validate saml assertion signed with algorithm SHA 256

2 – policy / feature to validate json web token signed with algorithm SHA 256

3 – policy / feature to generate user bearer access token (in the db has to be stored the oauth2 bearer token, the subject present in the sam assertion / JWT, the scope defined in the request, the refresh token)

4 – policy / feature to generate application token (not linked to specific user)

5 – policy to enable forwarding of user attributes as http headers to final back end. The user attributes have to be retrieved from Active directory using as common name the subject linked to the bearer access token

6 – policy / feature to revoke / invalidate the bearer access token

7 – possibility to publish SOAP endpoint exposing them as REST (possibility to configure sequence IN – sequence OUT mediation)

8 - possibility to add custom attributes on organization (in order to retrieve them when an API is invoked by using token application)

Thanks

Cosimo

0 5 129
Topic Labels
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
Reply posted on --/--/---- --:-- AM

Item #1: Yes. See link here: http://docs.apigee.com/api-services/reference/saml-assertion-policy

Item #2: Yes, with a javascript or javacallout. See this: https://github.com/apigee/iloveapis2015-jwt-jwe-jws

Item #4: Yes, with a client credentials grant.

Item 6: http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/oauth2/revoke

Item #7: Yes, there is a wizard. See here: https://community.apigee.com/articles/18200/tutorial-convert-your-web-service-from-soap-to-res.html

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

Hi @Srinandan Sridhar many thanks for your time and answers. Any suggestion in order to address the others points?

Thank you

Best Regards

Cosimo

0 Likes

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

Item #8: If I understand the question right, then yes, you can add custom attributes to OAuth tokens. When the token is validated, these custom attributes are accessible to the API Proxy (to make further decisions). See more here: http://docs.apigee.com/api-services/reference/set-oauth-v2-info-policy

0 Likes

Posted on --/--/---- --:-- AM
Former Community Member
Not applicable
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

Item #5: Yes, this is possible. The LDAP Policy (http://docs.apigee.com/api-services/reference/ldap-policy) will allow you to search AD. You can then use something like an "Assign Message" policy to set custom HTTP Headers.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to Former Community Member
Reply posted on --/--/---- --:-- AM

Hi @Srinandan Sridhar is it possibile use LDAP Policy without the password but using only the username?

0 Likes