Upload
wso2-inc
View
148
Download
1
Embed Size (px)
Citation preview
WSO2AppManager:ManagingApplica2onLifecyclesAcrossYourEnterprise
SumedhaRubasingheDirector-APIArchitectureWSO2
IamSirifromWSO2Salesteam.
IamSirifromWSO2Salesteam.
Username,enterpriseidenAty
OrganisaAon
Role,Group,Permissions
IlogintohDps://apps.wso2.com.
IlogintohDps://apps.wso2.com.
WebappunderorganizaAondomain
Thisisthehomepage
IseeallAppsIcanaccessbasedonmyroles,groups,permissions.
‘MySubscripAons’willshowAppsIhavesubscribedto.
‘Favorites’willshowallMyFavoritesApps.
Mark your favorite apps
TagbasedclassificaAonforApps.
IclickontheapplicaAonIwanttoaccess.Thispagealsolistsoutdetailsaboutapp,documentaAon,userfeedback.
Myrequesttoaccess‘PatchManagementApp’goesintoIdP->getmyloginsessionverified->getsredirectedbacktoApp
NowIamin‘PatchManagementApp’.NoLoginrequired.
AppStorehassentaSAMLResponsetoPatchManagementAppwithdetailsaboutme.
whatjusthappenedbehindthescenes?
Whatjusthappenedbehindthescenes?AccessedEnterpriseAppStore
LoggedintocentralIdP
SingleSignedOntoEnterpriseApps
Iamhappy..because...
Happinessintheair..IseeallappsIwantto/needto/requiredtoaccessinasingle
dashboard
Iuseasinglesetofcreden2alstoaccessallofthoseApps
Icanseeuserguides/helponhowtousethoseApps
Icanrequestforfeatures/rate/feedbacktoAppDevs
IsthisacommonpaDerninyourenterprise?
Siriisnotalone.AppDiscoveryhasapaDern.
DiscoverApps
Favourite/Subscribe
AccessAppsReadDocs
ReportIssues/Features
AppDiscoveryLifecycle
IamNayanafromWSO2CIOteam.
I...DevelopAppsforinternaluse
Wantaneffec2vechanneltodistributethoseAppstoeveryemployee
WantmyAppstobeabletoAuthen2cateandAuthoriseagainstcooperateIdP
WanttousecentrallydefineduserprofileaJributes
Wanttoviewusagesta2s2csofAppsIwrite
I...Wanttowritecentralisedauthoriza2onpoliciesformyAppsandget
themexecuted.
WanttoreceivefeedbackfromAppUsers.
WantmyuserstoeasilyreportAppissues.
Wanttowritecustomanaly2csonhowAppsarebeingused
Wanttoestablishseamlessintegra2onbetweenAPIsandAppsthatusethem.
IuseAppPublishertopublishAppsIdeveloptotheenterprise.
(Web)AppPublishercreatesaproxya(web)appinfrontofyourrealapplicaAon
Allowsdefiningperresourcebasedaccess/throDlingpolicies
Policiescanbecentrallydefinedandmanaged
PoliciescanbereusedbetweenapplicaAons
PoliciescanbegroupedandappliedagainstresourceaccesspaDerns
PerresourcepaDerncustomisaAonisalsopossible
DetailpagesummarisingeverythingabouttheApp.
CentralpageforconfiguringstaAsAcs,documentaAon,SSO,OAuthKeys
AppVersioningSupport
AllowsprovidingperAppDocumentaAon(inline,upload,URLs)
PermissionbasedApplifecyclemanagementcapabiliAes
CentralviewofallAppsmanaged
PublishingmobileAppsisalsosupported
Nayanaisnotalonetoo.AppPublishinghasapaDerntoo.
Review
Approve
PublishUnpublish
Deprecate
AppPublishingLifecycle
ReAre
Reject
TopublishApps,appsneedtobedeveloped!!
Whenmyappsareinuse,IviewstaAsAcsonthem.
AppPublisher,AppAuthor
MetadatalevelanalyAcsareavailableOOB.
Usagebyresourcepage
MulAdimensionalviewofApp,subscripAonandusage
OverallresponsesummaryofAppsmanaged
SubscripAonSummaryvsAppVersion
PerUserSubscripAonStaAsAcs
Breakdownbybackendendpoint
“WeuseWSO2AppManager.OnestopshopforApplica8ondistribu8on,lifecyclemanagement
andaccesscontrol”-Siri,Nayana
WSO2AppManager-FuncAonalOverview
Inanutshell..AProxyWebAppforarealwebapp
AnApplica2onGateway
Setofinterceptors(handlers)betweenproxyandrealwebapps
Interceptors
SingleSignOn
Sta2s2csCollec2on
Policyevalua2on
Pluggable
Supportfordifferentapptypes(future)
WebApps,MobileApps,CommandApps,WebLinks,Gadgets
SendingaJWT(signed)orSAMLTokentobackend
PassingauthenAcatedcallstobackendapp
ProxyApp WebApp
<saml2p:Response Destination="https://app-gateway.wso2.com/pmt/1.0.0/" ID="lekgojddaaponseTo=ntity"
{"exp":1394072102566,"hJp://wso2.org/claims/emailaddress":"dims@ws}
SAMLToken
JWTToken
ContentsofJsonWebToken(JWT){"iss":"wso2.org/products/appm","exp":1394072102566,"Subject":"dims","hJp://wso2.org/claims/emailaddress":"[email protected]","http://wso2.org/claims/mobile":"0725255071","hJp://wso2.org/claims/role":"admin,subscriber,Internal/everyone"
} UserRoles
UserName
Validity Claimvaluesfromuser’sprofile
ContentsofSAMLToken<saml2p:Responsexmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"Des2na2on="hJps://app-gateway.wso2.com/pmt/1.0.0/"ID="lekgojddaacphflejnbdpjlmjipldloecjbncecl"InResponseTo="0"IssueInstant="2015-11-04T09:40:31.431Z"Version="2.0">
<saml2:Issuerxmlns:saml2="urn:oasis:names:tc:SAML:2.0:asser2on"Format="urn:oasis:names:tc:SAML:2.0:nameid-format:en2ty">localhost</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCodeValue="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Asser2onxmlns:saml2="urn:oasis:names:tc:SAML:2.0:asser2on"ID="fgkedgffibfeddejffomjnfndgmohodjmjcakhog"IssueInstant="2015-11-04T09:40:31.431Z"Version="2.0">
<saml2:IssuerFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:en2ty">localhost</saml2:Issuer>
<saml2:Subject>
<saml2:NameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</
saml2:NameID><saml2:SubjectConfirma2onMethod="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirma2onDataInResponseTo="0"NotOnOrAner="2015-11-04T09:45:31.431Z"Recipient="hJps://app-gateway.wso2.com/pmt/1.0.0/"/>
</saml2:SubjectConfirma2on>
<saml2:AuthnStatementAuthnInstant="2015-11-04T09:40:31.431Z"SessionIndex="1b3aa683-5876-4a93-9721-09d52331f88c">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
….
<saml2:ADributeValuexmlns:xs="hDp://www.w3.org/2001/XMLSchema"xmlns:xsi="hDp://www.w3.org/2001/XMLSchema-
instance"xsi:type="xs:string">wso2.eng,wso2,wso2.support,support.users,wso2.all.employees,wso2.engineering-2,Internal/
subscriber,Internal/private_sumedha-AT-wso2.com,Internal/everyone</saml2:ADributeValue>
UserRoles
UserName
PublishingStatstoGoogleAnalyAcsfunction invokeStatistics(){ var tracking_code = "UA-XXXXXX-X";
var request = $.ajax({ url: "http://localhost:8281/statistics/", type: "GET", headers: { "trackingCode":tracking_code, } }); }
IncludethisfuncAontoyourpage
ManagingWorkflows-AppPublishing
Publisher
AppPublishRequest
Publica2onApproval
AppPublished
User Admin
ManagingWorkflows-AppConsumpAon
AppStore
UserRegistered
AdminEndUser
Registra2onApproval
Self-Registra2on
UserSubscribed
AdminEndUser
Subscrip2onApproval
AppSubscrip2onRequest
FutureworkImplementa2onontopofAppG/W
CEPbasedthroJling
FlexibleSubscrip2onModel
DecoupledAppStore->mobilecatalogs
IoTApp/Firmwaredelivery
Pub/SubbasedAppdistribu2onmodel