Layer7 API Management

  • 1.  APIGateway-LDAP User Group

    Posted Nov 22, 2019 08:04 AM
    Hi,

    We are looking to pass the User Group of the username passed in the request from LDAP to the target system. Could you please help us on how we can achieve this?

    Thanks in Anticipation
    Manasa

    ------------------------------
    Developer
    TCS
    ------------------------------


  • 2.  RE: APIGateway-LDAP User Group

    Broadcom Employee
    Posted Nov 24, 2019 07:26 PM
    Dear Manasa,
    I am not sure if I understand your question properly. Are you trying to store some LDAP info in the request and have the gateway pass that info to the backend target server?

    If true, the requestor can store the LDAP info in header(s) or the body; the default Route via HTTP(S) assertion will pass anything in the original request to the backend. The backend needs to know how to pick up the info from the request.

    Regards,
    Mark


  • 3.  RE: APIGateway-LDAP User Group

    Posted Nov 27, 2019 04:26 AM
    Hi Zhijun,

    We are trying to get the UserGroup of the User from LDAP configured in Gateway. Is there any possibility of doing this?

    Thanks
    Manasa


    ------------------------------
    Developer
    TCS
    ------------------------------



  • 4.  RE: APIGateway-LDAP User Group
    Best Answer

    Broadcom Employee
    Posted Nov 27, 2019 05:02 PM
    So, you want to extract an LDAP user's attribute (UserGroup), right?
    If true:
    1. On the LDAP identity provider configuration, you would need to ensure the LDAP IDP can retrieve the attribute you want. For example, select the option "Retrieve all attributes" in step 4. Advanced Configuration -> Attribute Options.

    2. In your policy, you would need to authenticate against the LDAP IDP first, and then use the Extract Attributes for Authenticated User Assertion to retrieve the custom attribute UserGroup.



  • 5.  RE: APIGateway-LDAP User Group

    Broadcom Employee
    Posted Nov 27, 2019 06:12 PM
    Something to be aware of here is that by enabling the "Retrieve all attributes" option you may be introducing a performance bottleneck with some LDAP configurations. If there are a lot of attributes for the user, then you could be pulling a lot of unnecessary information across for the user. If you know the specific attributes you require, then select "Retrieve mapped and specified attributes only" and explicitly list the ones you require.

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------



  • 6.  RE: APIGateway-LDAP User Group

    Posted Dec 03, 2019 06:52 AM
    Hi Mark,

    I have tried using the same, but am unable to receive the Group.

    Accessing the variable with authenticatedUser.UserGroup,
    I am getting an empty value.

    Thanks
    Manasa


    ------------------------------
    Developer
    TCS
    ------------------------------



  • 7.  RE: APIGateway-LDAP User Group

    Broadcom Employee
    Posted Dec 03, 2019 05:58 PM
    Dear Manasa,
    You might double-check the following:
    1. On the LDAP server, is there a UserGroup attribute for each user?
    2. On the LDAP identity provider, did you configure it to retrieve the UserGroup attribute, or to retrieve all attributes?
    3. For the particular authenticated user during the API call, you may double-check its data in LDAP. Does this user have an empty UserGroup attribute?

    Regards,
    Mark