June 5, 2018 at 10:06 am #22201
We have a dedicated microservice which handles our users DB; it includes usernames + passwords, and we’d like to use this microservice for authentication when logging in with OpenAM using REST API. Is this supported, or do we have to develop a custom authentication method? (It will be used alongside OpenIG.)
Thanks!

June 5, 2018 at 1:04 pm #22216 Bill Nelson (Participant)
Just so I am clear, you are asking if OpenAM can use an external DB as an authentication module, similar to the following:
Client –(REST)–> OpenAM –(JDBC)–> DB Microservice
If so, then the answer is yes. You can configure a database for authentication in this manner (assuming it is a standard database and you have the appropriate drivers).

June 5, 2018 at 1:06 pm #22217
Where can I find a guide on how to do this? Thanks!

June 5, 2018 at 1:11 pm #22218
Also, my question was: instead of authenticating against a DB, can I configure it to authenticate against a REST API service, a service/microservice that receives a username + password and simply returns true/false?
Can this be done?

June 5, 2018 at 5:54 pm #22225 Andy Cory (Participant)
Turning Bill’s example around, do you mean you want:
Client –-(un+pwd)–-> OpenAM –-(un+pwd)-–> Microservice REST API –(un+pwd)–> DB
If so, that’s also possible, but requires a custom authentication module to query your micro service REST endpoint. It would return HTTP 200/HTTP 401 to the client rather than the true/false returned by the micro service.
-Andy

June 12, 2018 at 3:10 pm #22282
Okay, suppose I did this, what about OAuth2? I mean, if I set up OpenAM to be an OpenID Connect authorization server, I would need it to return an email/access token to the secured resource (the service behind the OpenIG proxy). This wouldn’t be supported because my microservice does not have access to OpenAM – it will not be able to generate access tokens.
To be clearer, this is the scenario in my head when trying to access a secured resource behind OpenIG’s proxy:
1. attempt access -> unauthenticated -> redirect to OpenAM
2. login to OpenAM, but instead of verifying user+pass from the datastore, the verification is done against my microservice
3. the microservice responded with 200/true -> generate access token
4. using a headerfilter, send the access token/email down the stream to the protected resource
5. Voila, you’re authenticated.
Is this possible using your technologies? Thanks!
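
A skeleton of the custom authentication module described in Andy Cory's reply, as an added example that is not part of the thread and not OpenAM's own code. It assumes OpenAM's `AMLoginModule` SPI, a module callbacks file whose first state collects a name and a password, and a hypothetical verification URL that answers HTTP 200 only for valid credentials.

```java
// Added example (not from the thread). RestVerifyModule and VERIFY_URL are hypothetical;
// the callbacks file for this module is assumed to define NameCallback + PasswordCallback.
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.util.ISAuthConstants;

public class RestVerifyModule extends AMLoginModule {
    private static final String VERIFY_URL = "https://users.internal.example/verify"; // hypothetical
    private String username;

    @Override public void init(Subject subject, Map sharedState, Map options) { }

    @Override public int process(Callback[] callbacks, int state) throws LoginException {
        username = ((NameCallback) callbacks[0]).getName();
        char[] password = ((PasswordCallback) callbacks[1]).getPassword();
        if (username == null || password == null || !verify(username, new String(password))) {
            throw new InvalidPasswordException("credentials rejected", username); // fail closed
        }
        return ISAuthConstants.LOGIN_SUCCEED; // OpenAM then creates the session itself
    }

    // POST form-encoded credentials over TLS; anything but a clean 200 counts as a rejection.
    private boolean verify(String user, String pass) {
        try {
            byte[] body = ("username=" + URLEncoder.encode(user, "UTF-8")
                    + "&password=" + URLEncoder.encode(pass, "UTF-8")).getBytes("UTF-8");
            HttpURLConnection c = (HttpURLConnection) new URL(VERIFY_URL).openConnection();
            c.setRequestMethod("POST");
            c.setDoOutput(true);
            c.setConnectTimeout(3000);
            c.setReadTimeout(3000);
            c.setInstanceFollowRedirects(false); // never replay credentials to a redirect target
            c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            try (OutputStream out = c.getOutputStream()) { out.write(body); }
            return c.getResponseCode() == HttpURLConnection.HTTP_OK;
        } catch (Exception e) {
            return false; // timeout, TLS failure or malformed reply: deny
        }
    }
    @Override public Principal getPrincipal() { return () -> username; }
}
```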