Apigee intergration with siteminder

santosh_ghalsas · 08-10-2017 02:39 AM

Hi,

I was looking for options to integrate siteminder with edge instance on prem as well as on apigee managed cloud.

It is mentioned in below link that apigee supports siteminder -

https://apigee.com/about/tags/authorization-0

But I could not find any link that explains this in detail. I got to know that public cloud apigee does not support siteminder integration. Please confirm if this is true. Also please let me know if we have any article that explains the integration options in detail like we have for ping federate -

https://community.apigee.com/content/kbentry/30214/apigee-integration-options-with-identity-provider...

Thanks,

Santosh

divyaachan

@santosh_ghalsasi It really depends on what type of siteminder integration are you looking for. If you are a public cloud customer then we support a SAML SSO for Edge management UI and Dev Portal with Siteminder.

More details on this you can follow in the below articles :

https://community.apigee.com/articles/39063/enable-saml-for-apigee-edge-production-organizatio.html

http://docs.apigee.com/api-services/content/enabling-saml-authentication-edge

santosh_ghalsas

Hi @Divya Achan,

Thank you for your reply. I want to use siteminder as a token master. Apps will directly contact siteminder to authenticate themselves/users and get a token that will be sent to Apigee for consuming APIs. Apigee will contact siteminder to validate the tokens and allow or deny the service depending on the response siteminder gives. So basically we want to integrate siteminder for securing APIs rather than enabling it for management UI or dev portal.

Please let me know the process to achieve this on both cloud and on prem instances.

Regards,

Santosh

divyaachan

@santosh_ghalsasi You can take a look at the below doc and example in it on how you can implement your usecase :

http://docs.apigee.com/api-services/content/use-third-party-oauth-system

Do check it out, and let us know if this is the answer you were looking for.

santosh_ghalsas

Hi @Divya Achan ,

Thank you for reply. Let me explain it a bit more. I might call a siteminder API or web service(I need to check if something like this is provided by siteminder) that can tell me if the token I present to it is valid or not. May be I will use a service callout policy to do this and then proceed ahead if token is valid.

Just wanted to know if we have to do any other settings here like installation of some siteminder agent in order to enable us call their APIs or web services.

Regards,

Santosh

santosh_ghalsas

Hi @Divya Achan ,

I guess we can use siteminder as Oauth provider via installing web agents but there is no rest API that is provided by siteminder. Please help to confirm if this is the correct way and whether it is supported in Apigee. Below is the reference link from siteminder -

https://docops.ca.com/ca-api-management-oauth-toolkit/3-0/en/apis-and-encapsulated-assertions/oauth-...

Thanks,

Santosh