Reputation: 359
Using WSO2 API Manager with Identity Server and SEPARATE Identity Server Key Manager
We're in the process of configuring our suite of WSO2 products in a development environment and we're having a hard time wrapping our heads around IS Key Manager.
What we're going for is an Identity Server (already configured) with an OAuth Service Provider that an external web page can log into. This is already complete, we can get our token through IS just fine.
We now want to take the same token, and pass it to API Manager, and have API Manager understand the token, and the roles within, and approve or deny the API request.
Further in, we want to pass the token to Enterprise Integrator (which API Manager calls) and get info from the token (user info, claims) within a sequence.
IS is configured and working in it's isolated way (tokens generated from it aren't being accepted by APIM). APIM is configured in that it is pointing to an EI API.
EI is only configured in that it has an API with sequences that do stuff.
I've read through these: https://docs.wso2.com/display/AM260/Key+Concepts#KeyConcepts-KeyManager https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager
They suggest a separate Key Manager that all can speak to. Makes sense. But the Key Manager when downloaded is an APIM instance? And looking deeper into the documentation it seems like this Key Manager is meant to REPLACE the traditional Identity Server, which doesn't support our use case (we need a separate Identity Server that can federate freely with others).
I assume I'm not understanding something about the Key Manager configuration properly.
In short: IS needs to have an OAuth service provider to login to. Once the token is generated there, it will be sent to an APIM endpoint. APIM should understand the roles, and authorize it through. EI should then receive the token from APIM and then also understand the roles and authorize it through.
How can I accomplish this?
Upvotes: 0
Views: 866
Answers (1)
Reputation: 36
I would assume you got to the page where "API Manager" download page. Then you got the download pack named "wso2am-2.6.0.zip"?
There is a link on the same download page under "Other Resources" -> "Identity Server as a Key Manager Pack". You can get the "wso2is-km-5.7.0.zip".
This is almost same as "wso2is-5.7.0.zip", except very few config modification. You could use almost all the IS features in the same way.
Upvotes: 2
Related Questions
- Configuring WSO2 IS as a key manager
- integrating wso2 identity server and api manager
- How to configure WSO2 AS and WSO2 AM and identity server on the same server?
- WSO2 API Manager with separate, external Identity Server
- Implement Single Sign on in WSO2 API Manager though a external IDP for a single application
- How to build/package wso2 api manager Identity Server as Key Manager
- How to setup WSO2 APIM with WSO2 IS and an identity provider?
- WSO2 API manager and Identity Server Integration
- oAuth2 - WSO2 API Manager and Identity Server Integration
- WSO2 Connect API Manager to Identity Server for key management