
May 2022

Validate WSO2 API Manager gateway requests with Open Policy Agent

Open Policy Agent (OPA) enables you to write security and compliance policies as code, or to call any external policy engine that speaks the OPA standard. WSO2 API Manager uses this capability to offload policy decisions for API gateway requests to the policy engine. By decoupling policy enforcement from policy evaluation, API policymakers can write dynamic and reusable policies for ever-changing requirements. You can then reuse an OPA policy like any other policy in API Manager by dragging and dropping it into a policy pipeline in the UI. This video explains how it works and gives a demo.

One-Time Authorization Code for REST APIs in WSO2 Identity Server

WSO2 Identity Server provides many identity management and password management workflows out of the box, e.g., self-registration, user invitations, password recovery, etc. However, it is not unusual to come across a situation where the workflow capabilities provided out of the box in the product are not sufficient to fulfill your business requirement.

Re-issue Existing Password Recovery Confirmation Code in Followed Recovery or Resend Requests

This article discusses a new feature that will be released in the public distribution of WSO2 Identity Server 5.12.0. This feature was developed to overcome the following scenario: You can refer to the following diagram for a deeper understanding of the above flow. This scenario can be experienced by anyone. As such, we introduced a new way to handle this scenario (as shown below) for the notification-based password recovery flow.

How to Plug an Existing User Store into WSO2 Identity Server?

Are you someone who already has a legacy system in place and wants to migrate to a modern authentication system with Identity and Access Management (IAM) features? The first thing you need to consider is how you can use the existing legacy user store with the new system. Keep in mind that if the legacy user store uses an outdated security mechanism to store your data, we recommend that you migrate to the WSO2 JDBC user store format or to Active Directory (AD).

Proof of possession for OAuth2 tokens (DPoP) with WSO2 Identity Server #Identityin15

In today's episode, we will discuss how you can secure OAuth2 tokens with DPoP using WSO2 Identity Server. DPoP (Demonstrating Proof-of-Possession) is an additional security mechanism for token issuance that addresses a weakness of bearer tokens: a bearer token does not let the resource server verify that the party presenting the token is the same party to whom it was issued. The following is the outline for today's session.

Performance optimization techniques used in Asgardeo - Part 02

This is the second installment of the series, so if you haven't yet read Part 01, we strongly recommend that you do so first. According to the official website, Asgardeo is an IDaaS that allows developers to create seamless login experiences in minutes. In this article, let's concentrate on the performance optimization approaches used in React and webpack.

Performance optimization techniques used in Asgardeo - Part 01

This post explains the approaches we used to improve performance in our application. This knowledge will also help you apply these strategies to your own projects as required. Please keep in mind that this post series focuses solely on the front end. According to the official website, Asgardeo is an IDaaS that allows developers to create seamless login experiences in minutes.

Composing Effective Consumer Onboarding Workflows, Part 1

Consumer onboarding is one of the most important functions, if not the most important, of a customer identity and access management (CIAM) solution. An overly complicated onboarding workflow significantly detracts from the consumer experience. Providing an effective, engaging, and efficient onboarding workflow without compromising security has always been a challenge for security and risk professionals.

Composing Effective Consumer Onboarding Workflows, Part 2

In Part 1 of this series, we introduced the three most common abstract workflows, classified by the way they are initiated. What turns an abstract workflow into a concrete workflow, however, is the set of components that make up the workflow. In this article, we will take a look at these components.

Audit Logging for Micro-Integrator

When you are running a Micro Integrator in a microservices environment, administrators with admin access to the Micro Integrator are able to change its configuration via the admin services API. When someone needs to debug the system and find out who made which change, the Micro Integrator needs to keep a log of the activities performed on it. Audit logs are simply a set of logs that let you find out which changes were performed on the Micro Integrator instance. The audit log feature is supported from APIM 4.1.0 onward.

Per API Logging Support for WSO2 API Manager

APIM per-API logging support lets you enable logging of request details on a per-API basis. This significantly reduces the performance impact on APIM when you need to collect logs of the traffic flowing into and out of the APIM instance. Users can enable or disable logging for each API using the APIM REST API. WSO2 APIM logging provides multiple log levels that let you log information at different levels of detail.

The Future of Passwordless Authentication

Do you recall what your first password was? It was probably something easy to remember, such as your birthdate or the name of your pet. However, as you created additional online accounts, your passwords grew more complex and harder to remember. It's a problem that many people face. As a result, many of us tend to reuse passwords across many accounts, exposing our personal information to theft.