Setting up a proper security

[4integ...@gmail.com]

Hi,

We have implemented API's used internally. They require authentication/authorization by our Identity Provider implemented with IdentityServer3 and using OAuth2 and Client Credentials Flow.

How should we implement 3scale API Management the best way? Any input/thoughts are welcome.

/ Joacim

[pim.g...@gmail.com]

As mentioned in this thread Red Hat SSO or Keycloak is the recommended way for using Oauth2 or OIDC with 3Scale: https://groups.google.com/forum/#!topic/3scale-api-management-by-red-hat/CWTjPVnWY88 

I am not really familiar with IdentityServer3, but assuming it is a Oauth2 complient identity provider like you mentioned you can leverage the identity brokering feature of Red Hat SSO/Keycloak to connect to IdentityServer3. By default most of the popular identity providers like Google and GitHub are out of the box supported, but you can add your own. I know this is possible with an OIDC identity provider. Not sure if it will work with IdentityServer3. 

Documentation on how to connect an external identity provider can be found here: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html/server_administration_guide/identity_broker#openid_connect_v1_0_identity_providers 

After which you can connect 3Scale with Red Hat SSO/Keycloak in the default manner described in the documentation: https://access.redhat.com/documentation/en-us/red_hat_3scale/2.1/html/api_authentication/oauth2 

Op woensdag 7 februari 2018 09:45:05 UTC+1 schreef 4integ...@gmail.com: