WSO2 - Identity Manager and API Manager working together

I am evaluating WSO2 Identity Server and WSO2 API Manager.

I have registered the API and application in the API Manager. I can use resources successfully.

I could also add a user to the Identity Server and log in using OAuth authentication.

But it is not too clear how I can use these two systems together. I would like to use the API to display my API in some applications. And I would like to use Identity Server to register an end user. Is it possible? How can I "connect" these two systems?

I'm not sure if this is the best way to do it, so please advise me.

Thanks

+3




3 answers


As per my understanding of your use case, you need to expose the API securely. Therefore, you need to use WSO2 Identity Server and WSO2 API Manager. In addition to this, you need a better approach for the above use case. When using two products, we have two options.



Here the 1st option has manual configuration, but the second option minimizes manual configuration.

+1




The purpose of using Identity Server is not very clear. Should I separate authentication / authorization from the API manager instance?

By default, the API Manager ships with the Key Management Server component, which is responsible for all security and key related activities. This can be configured to authenticate users with a specific user store or multiple user stores. Authorization is based on OAuth 2.0. However, in a production deployment, we recommend that this component be deployed as a separate server instance so that it runs as an external key management server.

This is done by using another copy of the API Manager distribution and configuring it as the Key Manager node server.



Hope this helps.

Regards, Gillian

0




My understanding,

  • If you want to use the WSO2 API Manager (AM) as an API gateway, you do not need a separate IS, as AM includes an IS engine with a security engine including a key manager.
  • If you need a single token for all AM components and you don't have another Identity Provider (IdP), you need the separate IP.
  • However, if you have a separate IdP, you do not need to install an IS Server to implement SSO for AM, although the documentation from IS may suggest that you do this. For example, a successful SSO implementation was done using PingFederate / PingIdentity. See How to integrate WSO2 API Manager (AM) 1.10.0 with PingFederate SAML 2.0?

0

