Layer7 API Management

  • 1.  How to authenticate Users with External Services in OAuth 2.0 Authorization Flow

    Posted Jul 22, 2018 07:17 AM

    Hello Everyone,

     

    I am using OTK 3.6. 

    We need to authenticate the end user in the authorization code flow with the external service.

     

     

    We have got the details for the external service from which the end users should be authenticated. The username and password entered in the above page are to be transformed into XML and sent to the external service; the external service will return a 200 HTTP code, by which we will determine if the user is authenticated or not.

     

    So how can we achieve this scenario?

    Which policy do we need to edit, and what are the changes to be done if we are not using our internal LDAP for authentication?

     

     

    Thanks



  • 2.  Re: How to authenticate Users with External Services in OAuth 2.0 Authorization Flow

    Broadcom Employee
    Posted Jul 22, 2018 07:40 PM

    Dear irfan.mugale,

    Are you trying to use an external login server?

    If yes, you may refer to Sascha's blog,

    HowTo – Integrating OTK with external Login-Server 

     

    Regards,

    Mark



  • 3.  Re: How to authenticate Users with External Services in OAuth 2.0 Authorization Flow

    Posted Jul 23, 2018 12:47 AM

    Hi Mark,

     

    We don't need any external login page to pop up; we just need the username and password entered in the below page to be authenticated.

     

    The username and password will be converted into XML:

    <auth><username>ad**</username><password>ls****a</password></auth>

     

    The external service is just a REST service which can only authenticate the username from the DB through their query logic and send me an HTTP response code 200 if successful.

     

    Thank you for the help.

     

    Thanks,



  • 4.  Re: How to authenticate Users with External Services in OAuth 2.0 Authorization Flow

    Broadcom Employee
    Posted Jul 24, 2018 09:55 AM

    Hi irfan.mugale,

     

    The authentication is handled in the 'OTK User Authentication' encapsulated assertion. For newer, 4.x releases of OTK, please look to use the 'OTK User Authentication Extension' policy. You can add custom logic to format the user id and password as XML and route to your backend service to authenticate. 

     

    Support Optional Authentication Mechanisms - CA API Management OAuth Toolkit - 4.3 - CA Technologies Documentation 

     

    Regards,

    Joe
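
    The logic such a custom authentication step has to get right, shown in Python as an added example (not part of the original thread and not OTK policy code): the credentials are serialized into the `<auth>` document with an XML library so that markup characters in a password cannot alter its structure, and only an HTTP 200 counts as authenticated, with every other status, error or timeout failing closed. The function names, the stub backend, its test account and the URL are assumptions made for the example; a real backend call should go over TLS.

```python
import http.client
import threading
import urllib.request
import xml.etree.ElementTree as ET
from http.server import BaseHTTPRequestHandler, HTTPServer

# Direct connection to the backend; environment proxy settings are ignored.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def build_auth_xml(username, password):
    """Serialize with an XML library so &, < and > in credentials are escaped."""
    auth = ET.Element("auth")
    ET.SubElement(auth, "username").text = username
    ET.SubElement(auth, "password").text = password
    return ET.tostring(auth)  # bytes, no XML declaration

def authenticate(url, username, password, opener=DIRECT, timeout=5.0):
    """True only for HTTP 200; other statuses, errors and timeouts fail closed."""
    req = urllib.request.Request(url, data=build_auth_xml(username, password),
                                 headers={"Content-Type": "application/xml"}, method="POST")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status == 200
    except (OSError, http.client.HTTPException):  # HTTPError, refused, timeout
        return False

class StubBackend(BaseHTTPRequestHandler):
    """Constructed stand-in for the external REST service (not from the thread)."""
    USERS = {"alice": "p<ss&word"}  # constructed test account
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            doc = ET.fromstring(body)
            user, pw = doc.findtext("username"), doc.findtext("password")
            ok = user in self.USERS and self.USERS[user] == pw
        except ET.ParseError:
            ok = False
        self.send_response(200 if ok else 401)
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

if __name__ == "__main__":
    server = HTTPServer(("127.0.0.1", 0), StubBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/auth"
    print(authenticate(url, "alice", "p<ss&word"), authenticate(url, "alice", "wrong"))
```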