This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Configure Apigee Edge microgateway using a SAML-enabled machine user

Posted on 08-20-2021 12:31 PM
mw970
Staff
Reply posted on --/--/---- --:-- AM

Our Apigee Edge organization uses SAML to login. We have a machine user and need to use this user's credentials to run 

 

edgemicro configure -o [org] -e [env] -u [username]

 

However the credentials for our machine user are not accepted. How can we utilize the machine user to authenticate with edge microgateway?

Solved Solved
0 1 207
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
mw970
Staff
Reply posted on --/--/---- --:-- AM

This appears to be an omission from the edgemicro configure documentation section. To run edgemicro configure authenticating as a machine user, you need to use an OAuth token obtained from apigee-sso. To obtain the token, you can either use the Apigee get_token utility, or execute the following POST:

export MACHINE_USERNAME=mymachineuser # set machine username here
export MACHINE_PASSWORD=topsecret # set the password here
export SAML_ZONENAME=mysamlzone

curl -i -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "accept: application/json;charset=utf-8" \
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \
https://${SAML_ZONENAME}.login.apigee.com/oauth/token -s \
-d "grant_type=password&username=${MACHINE_USERNAME}&password=${MACHINE_PASSWORD}"

Once you have obtained the token, you can use it to configure microgateway as follows:

export ORG=myorg # set organization
export ENV=myenv # set environment
export TOKEN=token_value_from_previous_step # set access token
edgemicro configure -o ${ORG} -e ${ENV} -t ${TOKEN}

After that follow remaining edgemicro verify and start steps as mentioned in the documentation:

https://docs.apigee.com/api-platform/microgateway/3.2.x/setting-and-configuring-edge-microgateway#pa...

 

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
mw970
Staff
Reply posted on --/--/---- --:-- AM

This appears to be an omission from the edgemicro configure documentation section. To run edgemicro configure authenticating as a machine user, you need to use an OAuth token obtained from apigee-sso. To obtain the token, you can either use the Apigee get_token utility, or execute the following POST:

export MACHINE_USERNAME=mymachineuser # set machine username here
export MACHINE_PASSWORD=topsecret # set the password here
export SAML_ZONENAME=mysamlzone

curl -i -H "Content-Type: application/x-www-form-urlencoded;charset=utf-8" \
-H "accept: application/json;charset=utf-8" \
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" -X POST \
https://${SAML_ZONENAME}.login.apigee.com/oauth/token -s \
-d "grant_type=password&username=${MACHINE_USERNAME}&password=${MACHINE_PASSWORD}"

Once you have obtained the token, you can use it to configure microgateway as follows:

export ORG=myorg # set organization
export ENV=myenv # set environment
export TOKEN=token_value_from_previous_step # set access token
edgemicro configure -o ${ORG} -e ${ENV} -t ${TOKEN}

After that follow remaining edgemicro verify and start steps as mentioned in the documentation:

https://docs.apigee.com/api-platform/microgateway/3.2.x/setting-and-configuring-edge-microgateway#pa...

 

Jump to Solution
Top Solution Authors
View all