End-to-End Microservice Architecture with WSO2 Identity Server and API Manager
David Clark, Director, IT Architecture, iJET International
iJET International
• Operate Globally with Confidence
  – Global Intelligence
  – Global Operations Support
  – Travel Risk Management
  – iJET University
  – Executive Decision Support
• iJET Labs
  – Innovation center
  – Product research and development
Product Line Challenges
• Identity Management
  – Increased demand for federated single sign-on
  – Desire for more security protocol options
  – Multi-factor authentication
  – User self-provisioning
• Legacy Architecture
  – Not agile
  – Not scalable
  – Limited revenue opportunities
Legacy Environment
Three-tiered applications built on top of a single database and shared libraries. Unarguably the fastest way to get your first product implemented. Entropy is inevitable.
Target Architecture
• WSO2 Middleware
  – Identity Server
  – API Manager
• Commodity Solutions
  – Portal
  – Content Management
  – GIS
  – Language Translation
• Custom Components
  – Microservices
  – Portlets
Why WSO2?
• Appropriate fit
  – WSO2 Identity Server
  – WSO2 API Gateway
• Open source backed by WSO2 Support
• Extensible
• Quick Start Program
Federated SSO using WSO2 Identity Server
• Configurable authenticators for federation
  – Azure/Office 365
  – Active Directory
  – Google
• Just-in-time user provisioning
  – Map incoming claims to the local schema
• Custom User Store Manager
  – Extend the WSO2 User Store Manager
  – OSGi bundle deployment
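The claim mapping behind just-in-time provisioning, as an added example (not iJET's or WSO2's code): inbound claims from each federated identity provider are translated into the local claim dialect, required claims are enforced, and two mistakes that JIT provisioning invites are avoided, namely letting an untrusted IdP assert local roles and keying the local account on an attribute (e-mail) that more than one IdP can assert. The Azure AD and Google claim names are the ones those providers commonly emit, the local URIs are the WSO2 claim dialect, and the group-to-role table, the trusted-IdP list and the sample assertions are constructed for this example.

```python
"""Map federated identity claims to a local schema for JIT provisioning.

Added example, not iJET's or WSO2's code. CLAIM_MAPS, GROUP_TO_ROLE and
ROLE_TRUSTED_IDPS are constructed policy tables for illustration.
"""

ROLE_CLAIM = "http://wso2.org/claims/role"

# Per-IdP mapping: inbound claim name -> local (WSO2 dialect) claim URI.
# Azure AD SAML attribute URIs and Google OIDC claim names (constructed table).
CLAIM_MAPS = {
    "azure": {
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress":
            "http://wso2.org/claims/emailaddress",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname":
            "http://wso2.org/claims/givenname",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname":
            "http://wso2.org/claims/lastname",
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups": ROLE_CLAIM,
    },
    "google": {
        "email": "http://wso2.org/claims/emailaddress",
        "given_name": "http://wso2.org/claims/givenname",
        "family_name": "http://wso2.org/claims/lastname",
    },
}

REQUIRED_LOCAL_CLAIMS = ("http://wso2.org/claims/emailaddress",)

# Only IdPs listed here may influence local roles; any other federation's
# group/role claim is silently dropped, so it cannot grant itself privilege.
ROLE_TRUSTED_IDPS = {"azure"}

# IdP group identifiers -> local role names (allow-list; unknown groups are ignored).
GROUP_TO_ROLE = {"grp-analysts": "analyst", "grp-admins": "portal-admin"}


class ProvisioningError(ValueError):
    """Raised when an inbound assertion cannot be provisioned safely."""


def map_claims(idp, subject, inbound):
    """Translate an IdP's asserted claims into the local schema.

    idp      -- registered federation name ("azure", "google")
    subject  -- the IdP's stable subject identifier (NameID / sub)
    inbound  -- dict of claim name -> value as received from the IdP
    Returns the local claim dict, including the derived local username.
    """
    if idp not in CLAIM_MAPS:
        raise ProvisioningError(f"unknown identity provider: {idp}")
    local = {}
    for name, value in inbound.items():
        target = CLAIM_MAPS[idp].get(name)
        if target is None:
            continue  # no mapping: drop it; never pass raw IdP claims through
        if target == ROLE_CLAIM:
            if idp not in ROLE_TRUSTED_IDPS:
                continue
            groups = value if isinstance(value, list) else [value]
            value = sorted(GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE)
        local[target] = value
    missing = [c for c in REQUIRED_LOCAL_CLAIMS if c not in local]
    if missing:
        raise ProvisioningError(f"missing required claims: {missing}")
    # Key the local account on (idp, subject), not on e-mail: two IdPs that
    # can each assert the same address must not collapse into one local user.
    local["username"] = f"{idp}/{subject}"
    return local


if __name__ == "__main__":
    # Constructed sample assertion from the Azure federation.
    print(map_claims("azure", "a1b2c3", {
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "ann@example.com",
        "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups": ["grp-analysts", "grp-other"],
    }))
```

Claims the mapping table does not know are dropped rather than stored under their inbound name, so a provider cannot smuggle an attribute into the local user profile by inventing a claim URI.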
Legacy Application Integration with Identity Server
• Legacy applications were already configured to use another single sign-on solution
• WSO2 Identity Server lacked an out-of-the-box proxy agent
• Apache mod_auth_mellon bridged the SAML negotiation and provided a façade
API Manager
• Manage the API lifecycle with API Publisher
  – Prototype
  – Version
  – Publish
• Manage client subscriptions through the API Manager Store
• Govern access and usage through the API Gateway
Template-driven development
• Spring Boot
• Common instrumentation
• Environment-aware configuration
• Hypermedia controls
• JWT security integrated with WSO2
• Event framework integration
• Common logging
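What "JWT security integrated with WSO2" has to mean on the service side, as an added example (not iJET's or WSO2's code, and Python rather than the Spring Boot of the deck): the API Gateway forwards the caller's identity to the backend as a signed JWT, and each microservice must verify that token itself rather than trust the header. The verifier pins the algorithm, checks the signature against the gateway's public key, then checks issuer, expiry and the end-user claim. The header name, issuer and claim URIs are assumed to match a default WSO2 API Manager deployment; the RSA key generation and PKCS#1 v1.5 signing are implemented inline with a toy-sized key only so the example runs without third-party libraries, and the sample claims are constructed.

```python
"""Verify the X-JWT-Assertion that the WSO2 API Gateway forwards to a backend.

Added example, not iJET's or WSO2's code. Issuer and claim names are assumed
to match a default WSO2 API Manager; the inline RSA/PKCS#1 v1.5 code is a toy
stand-in for the gateway keystore and a vetted JOSE library.
"""
import base64, hashlib, hmac, json, random, time

GATEWAY_ISSUER = "wso2.org/products/am"           # assumed default APIM issuer
ENDUSER_CLAIM = "http://wso2.org/claims/enduser"  # assumed default APIM claim
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rounds=16):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c


def generate_rsa_key(bits=1024):
    """Toy RSA keypair {n, e, d}; small so the example runs in well under a second."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e prime, so gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def _emsa_pkcs1_v15(msg, k):
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(key, msg):
    k = (key["n"].bit_length() + 7) // 8
    m = int.from_bytes(_emsa_pkcs1_v15(msg, k), "big")
    return pow(m, key["d"], key["n"]).to_bytes(k, "big")


def rsa_verify(pub, msg, sig):
    k = (pub["n"].bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), pub["e"], pub["n"]).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def gateway_issue_jwt(key, claims):
    """What the gateway does: sign header.payload with RS256 and its private key."""
    h = b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    b = b64url_encode(json.dumps(claims).encode())
    return f"{h}.{b}.{b64url_encode(rsa_sign(key, f'{h}.{b}'.encode()))}"


class InvalidAssertion(Exception):
    """The X-JWT-Assertion header must be rejected (respond 401)."""


def verify_gateway_jwt(token, gateway_pub, now=None):
    """Return the verified claims of an X-JWT-Assertion, or raise InvalidAssertion."""
    try:
        h64, b64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError:
        raise InvalidAssertion("malformed token")
    # Pin the algorithm: the token never gets to choose ("none", HS256 with the public key, ...).
    if header.get("alg") != "RS256":
        raise InvalidAssertion(f"unexpected alg {header.get('alg')!r}")
    if not rsa_verify(gateway_pub, f"{h64}.{b64}".encode(), sig):
        raise InvalidAssertion("bad signature")
    claims = json.loads(b64url_decode(b64))       # parse the body only after it is authenticated
    if claims.get("iss") != GATEWAY_ISSUER:
        raise InvalidAssertion("unexpected issuer")
    now = time.time() if now is None else now
    if "exp" not in claims or now >= claims["exp"]:
        raise InvalidAssertion("token expired")
    if not claims.get(ENDUSER_CLAIM):
        raise InvalidAssertion("no end-user claim")
    return claims


if __name__ == "__main__":
    key = generate_rsa_key()
    tok = gateway_issue_jwt(key, {"iss": GATEWAY_ISSUER, "exp": int(time.time()) + 300,
                                  ENDUSER_CLAIM: "dclark@carbon.super"})
    print(verify_gateway_jwt(tok, {"n": key["n"], "e": key["e"]})[ENDUSER_CLAIM])
```

In a real deployment `gateway_pub` comes from the gateway's certificate in the service's truststore, never from the token itself, and the service should also confirm that the request reached it from the gateway (network policy or mutual TLS), since a valid JWT proves who the end user is but not that the gateway's throttling and subscription checks ran.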
DevOps
• WSO2 Infrastructure
  – EC2 instance provisioning
  – Identity Server and API Manager
  – Clustering with AWS ELB
• Microservices
  – Continuous integration
  – Container provisioning
  – API Store and Publisher microservice provisioning
• Centralized Logging
  – Services
  – Infrastructure
  – WSO2 middleware (IS, AM, and Gateway)
• CloudWatch monitoring
Six months to success
• Completely new infrastructure with federated SSO
• API Store and Gateway
• New application built entirely on REST APIs
• Legacy applications able to authenticate with third-party identity providers
Not without challenges
• WSO2 documentation
  – Many hidden undocumented gems
  – Undocumented configuration options and features
• Tried to do too much on our own
  – We could have benefited from more WSO2 support
• Many changes were done in parallel
  – Move to microservices architecture
  – Move infrastructure to Amazon Web Services
  – DevOps growing pains
  – New Identity Server (legacy application migration, new federations)
  – New application platform
  – New application (UI and services)