Friday, February 2, 2018

Tyk 2.5 API Gateway available with OpenID Connect integration

Tyk has just released a new version of their API Gateway - v2.5.

Prior to this release, Tyk already provided OAuth 2.0 and a few other authentication methods.

With OpenID Connect, the solution looks more complete now as OpenID Connect is picking up.


Monday, January 29, 2018

WeChat Login Web Integration

We have a Chinese customer who wants to implement WeChat login for the custom IDM User Portal which we have developed for them.

The implementation is pretty straightforward, as WeChat Login for Web Applications supports the OAuth2 protocol. There is even very good documentation written in English.

Now, the difficult part comes ... setting up a Developer Account. This is by no means easy, as the check is very stringent.

To begin with, the registration page is in Chinese! And if you are a company, you need to submit a company registration certificate, the applicant's identification card, company bank account information, etc. And finally, if you are an overseas company, you need to pay a USD 120 verification fee.

And you are not guaranteed to have your application approved.  :)

I'm praying hard. Just submitted and transferred USD120 to Tencent.


Friday, January 26, 2018

Kong API Gateway CE 0.12.0 - Circuit Breaker feature

The latest Community Edition version is Kong CE 0.12.0, just released today.

Coincidentally, there is a new feature in Kong that is similar to the one released by CA API Gateway 9.3 - Circuit Breaker.

Support for health checks! Kong can now short-circuit some of your upstream Targets (replicas) from its load balancer when it encounters too many TCP or HTTP errors. 
You can configure the number of failures, or the HTTP status codes that should be considered invalid, and Kong will monitor the failures and successes of proxied requests to each upstream Target. We call this feature passive health checks. 
Additionally, you can configure active health checks, which will make Kong perform periodic HTTP test requests to actively monitor the health of your upstream services, and pre-emptively short-circuit them. 
Upstream Targets can be manually taken up or down via two new Admin API endpoints: /healthy and /unhealthy.

More technical implementation details are at GitHub - Add active and passive health checks.

Pretty cool!


Thursday, January 25, 2018

CA API Gateway - 9.3 (New Features and Enhancements)

CA just released API Gateway 9.3 - New Features and Enhancements are listed here.

There is a new feature which I think is pretty cool - Apply Circuit Breaker assertion.

The Apply Circuit Breaker assertion defines thresholds for failure conditions which, when exceeded, prevent blocks of your policy from executing for a configurable period. 
This is ideal for avoiding bottlenecks that arise due to request processing slowdowns that are caused by sluggish or malfunctioning back-end systems. 
Once the Apply Circuit Breaker assertion detects a circuit has exceeded a threshold, the assertion fails and none of its child assertions execute. Depending on the surrounding policy logic, a failed Apply Circuit Breaker assertion could cause further branching or it could fail the entire policy.

After a predetermined timeout period, the circuit resets and the bypassed portion is once again live.

Going to try it soon! :)
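
The behaviour described in this post and in the Kong post above (a configurable failure count, the HTTP status codes treated as failures, manual healthy/unhealthy overrides, and a reset after a timeout), sketched as an added example that is not Kong or CA code. The class, method and parameter names are hypothetical, the target addresses are constructed, and the timed reset follows the CA description.

```python
import time

class TargetBreaker:
    """Passive health tracking per upstream target, with a timed reset."""
    def __init__(self, max_failures=3, bad_statuses=(500, 502, 503, 504),
                 reset_after=30.0, clock=time.monotonic):
        self.max_failures = max_failures        # consecutive failures before tripping
        self.bad_statuses = set(bad_statuses)   # HTTP codes counted as failures
        self.reset_after = reset_after          # seconds a tripped target stays out
        self.clock = clock
        self.failures = {}                      # target -> consecutive failures
        self.tripped_at = {}                    # target -> time the circuit opened

    def report(self, target, status=None):
        """Record a proxied request's outcome; status=None means a TCP error."""
        if status is not None and status not in self.bad_statuses:
            self.failures[target] = 0           # a success clears the counter
            return
        self.failures[target] = self.failures.get(target, 0) + 1
        if self.failures[target] >= self.max_failures:
            self.tripped_at.setdefault(target, self.clock())

    def is_healthy(self, target):
        opened = self.tripped_at.get(target)
        if opened is None:
            return True
        if self.clock() - opened >= self.reset_after:
            self.set_healthy(target)            # timeout elapsed: circuit resets
            return True
        return False

    def set_healthy(self, target):              # manual override: back in rotation
        self.failures[target] = 0
        self.tripped_at.pop(target, None)

    def set_unhealthy(self, target):            # manual override: never times out
        self.tripped_at[target] = float("inf")

    def pick(self, targets):                    # targets still eligible for routing
        return [t for t in targets if self.is_healthy(t)]

def demo():
    now = [0.0]                                 # fake clock keeps the run deterministic
    b = TargetBreaker(max_failures=2, reset_after=10, clock=lambda: now[0])
    targets = ["10.0.0.1:8000", "10.0.0.2:8000"]  # constructed sample targets
    b.report(targets[0], 502)
    b.report(targets[0])                        # TCP error: second failure trips it
    during = b.pick(targets)
    now[0] = 10.0                               # reset period has passed
    return during, b.pick(targets)
```
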


Wednesday, January 24, 2018

Access Management Users

Just received an email today ... I didn't know collecting user lists can be a business! Hmm...  :)


Would you be interested in acquiring accounts of Access Management Users for your sales and marketing initiative? Below are some of the popular lists which we provide.

Atos (Evidian) Users
CA Technologies Users
Centrify Users
Covisint Users
ForgeRock Users
IBM Users
i-Sprint Innovations Users
Micro Focus Users
Microsoft Users
Okta Users

Our List includes – Company Name, Company URL, Contact Name, Job Title, Email Address, Physical Address, Phone Numbers, Fax Numbers, Revenue Size, Employee Size, SIC Code, Industry and Technology Using.

Kindly review and let me know your thought on this. If you would like to include any other segmented data base along with this please feel free to let me know on the same.

Have a great day ahead!


Wednesday, December 20, 2017

Federation vs Web Access Management (WAM)

This question has been asked repeatedly over the years. I came across this link while I was searching for the OpenID Connect feature in CA SSO 12.7.

Federation has the following advantages: 

  • Many applications can handle federation directly out-of-the-box, such as SAP, SharePoint, WebLogic. These applications accept assertions. 
  • A direct connection to a centralized server is unnecessary. A federation request always goes through the asserting party to get the generated assertion. After a user gains access to content on one server, the user returns to the federation hub and gets redirected to the next server. Only if the user session times out at the hub does the user have to reauthenticate. 

These advantages make federated partnerships better for an environment where sites are remote, inaccessible, or under third-party control.

Single Sign-On (WAM) has the following advantages:

  • Transactions are faster because there are fewer browser redirects. 
  • Provides centralized authorization and auditing. 
  • Direct links can exist from one web server to another in a network without the user going through a centralized hub for assertion generation. 
  • Offers timeout management. 
  • Applications are independent of a remotely initiated transaction. 

These advantages make WAM single sign-on better suited to an environment with sites that are under your control, such as internal data centers.


Tuesday, November 21, 2017

CA API Policy Manager - Revision History

CA API Policy Manager is the user interface for the CA API Gateway. It is used to construct web service and XML application policies, manage policy users, configure identity bridging, and configure, audit, and monitor the CA API Gateway. Pretty useful tool, though it's an "eighties" thick client.

It has tons of functions though, and they become quite useful at times. Today, a developer on my client's side changed something in an existing API, but couldn't tell me exactly what he had changed.

Well ... typical. Vendors are paid to spend time to discover/explore/clean-up what has been messed up.  

Luckily, the Policy Manager has a Revision History for each API.

It can show a history of the changes made. What's best is one can choose 2 historic APIs and make comparisons.

What's even better is it can pinpoint which assertion(s) within the API have been modified. A visual output in RAW XML format can even be shown.

This function saves me big time!