Layer7 API Management

  • 1.  Portal 3.5/4.x Integration

    Posted Jul 27, 2018 05:57 AM

    Hi Folks,

     

    There is one use case where the customer wants internal users (AD users) to be validated against LDAP and external users to be validated from the Portal DB while logging in to Portal 3.5.

     

    Do we have this capability in Portal to simultaneously accommodate both functionalities at the same time? If yes, then how do we do that?

     

    Does this functionality exist in Portal 4.x and above versions? If yes, can anyone share the process?

     

    Regards,

    Grajesh Chandra



  • 2.  Re: Portal 3.5/4.x Integration
    Best Answer

    Posted Jul 27, 2018 08:17 PM

    Hi Grajesh,

     

    It's unclear to me what the use-case is in this discussion, sorry about that. Do you mind clarifying it for us? I think you're essentially stating that a customer may want to validate that authentication to the Portal is working, for both internal and external users where in this case the external users come from the local Portal database and the internal users come from the external Active Directory identity provider - is that correct?

     

    On the assumption that my understanding above is correct, then I want to make a few notes that should help you out in this scenario:

     

    • Portal 3.5 uses the API Gateway for authentication to any external (or even local to the Gateway) users on identity providers configured on the Gateway for use in the /portalauth service policy. Yes, you can use different authentication sources for the different user types.

     

    • To test an external user whose account is stored locally on the Portal, one would simply use the test credentials for a test user created locally on the Portal to make sure it works. If it doesn't work, I'd suggest re-setting the password of the user, ensuring the user is configured correctly (has the appropriate roles and organizations assigned, etc.), and more.

     

    • To test an internal user who would come out of Active Directory, assuming the configuration has been done (and this is what's being tested out now), one would simply make the login to the Portal with the credentials of a user in Active Directory which has appropriate permissions to access the Portal (i.e. where the Active Directory membership groups are mapped to roles on the Portal). If this does not work, you'll want to then narrow it down to see what kind of error is happening (which you can see more from the audit logs in the Gateway side since it's the one making the call to the external identity provider). If the error seems to be connection-related, then ensure the configurations are correct for the connection to the Active Directory on the associated identity provider on the Gateway. If the error is more around permissions/authentication denied, then double-check the groups are mapped to the appropriate roles on the Portal side, and ensure the credentials are working of course.

     

     

    Regarding if this is also possible on 4.2, it really depends on what you are wanting to achieve and where the identity sources would be (and what protocol they will be using). I'd suggest reviewing the documentation in this case and if you have specific questions on that afterwards, please feel free to ask them here. For your convenience, I've included a few pages from the documentation that may be good references for you here too for 4.2:

     

     

    I hope the above provides some insight and next steps, as well as sufficient documentation to hopefully answer any remaining questions that may come up. But definitely feel free to ask anything else in here related to authentication in 3.5 and 4.2 around the use-case of testing authentication.



  • 3.  Re: Portal 3.5/4.x Integration

    Posted Jul 30, 2018 03:07 AM

    Thanks Dustin !!!! 

    It helped a lot.

     

    Regards,

    Grajesh