ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
Cadet 3rd Class
228 views

Access Manager - API Access query

We are using NetIQ Access Manager and we have a requirement to protect APIs and expose them. We intend to use OAuth2.

 

We are accessing APIs from a batch script, as a nightly job. This is executed from each client.

For this we intend to use OAuth2 access token – Client Credentials grant to get the bearer token and pass it to the API.

Also along with this we need to pass a username as part of access token. This is used later in backend for some authorization/matching. Now, how do I set this username to be part of access token? 

As attributes/claims?

And how do I retrieve the value from the token? Is there an endpoint like /UserInfo which works with the Client Credentials grant flow?

 

Thanks,

Dipu.

0 Likes
1 Reply
Micro Focus Expert

You may need to change the choice of the Grant. Client Credential Grant doesn't authenticate any user and hence you will not get anything when accessing the userinfo endpoint.

Yes, you can add claims and attributes to the token, but you need to authenticate the user (authorization code, implicit, Resource Owner Grant). Once the token is received you can use the token introspection endpoint to get the details of the user.

You can also try using another product called SAPIM which is built for API management only. This product leverages the features of NAM and provides you a seamless API management experience.

Check the link https://www.netiq.com/documentation/secure-api-manager-10/

NetIQ solves these issues by providing a system that allows you to manage, create, control, and audit the APIs used in your environment through Secure API Manager. It gives you:

  • A single repository for all of your APIs

  • A lifecycle system to track the state of the APIs

  • Throttling capabilities to limit throughput to certain APIs

  • A detailed analytics system to show you which APIs are being used the most

  • Secure access to the APIs due to integration with NetIQ Access Manager

0 Likes
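The point made in the reply, as an added example that is not part of the original thread and is not NetIQ code: a backend builds an RFC 7662 token introspection request and accepts a token for user-level matching only when the response is active, in scope and bound to a user. The endpoint URL, client name, scope and sample responses are constructed placeholders, and it is an assumption that the server reports the user in the standard `username` member.

```python
import base64
import time
import urllib.parse

# Placeholder URL (assumption): use the introspection endpoint your server publishes.
INTROSPECT_URL = "https://idp.example.com/oauth/introspect"


class TokenRejected(Exception):
    """Raised when a token must not be used for a user-level decision."""


def build_introspection_request(token, client_id, client_secret):
    """Return (url, headers, body) for an RFC 7662 introspection POST."""
    creds = ":".join(urllib.parse.quote(v, safe="") for v in (client_id, client_secret))
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"})
    return INTROSPECT_URL, headers, body


def user_from_introspection(resp, required_scope, now=None):
    """Return the user bound to the token, or raise TokenRejected."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:
        raise TokenRejected("token is inactive, expired or unknown")
    if "exp" in resp and resp["exp"] <= now:
        raise TokenRejected("token is past its exp time")
    if required_scope not in resp.get("scope", "").split():
        raise TokenRejected("token lacks scope " + required_scope)
    username = resp.get("username")
    if not username:
        # Client Credentials tokens identify only the client, so there is no user here.
        raise TokenRejected("token is not bound to a user")
    return username


# Constructed sample responses (not captured from a real server).
USER_BOUND = {"active": True, "scope": "batch.read", "client_id": "nightly-job",
              "username": "jdoe", "exp": 2000000000}
CLIENT_ONLY = {"active": True, "scope": "batch.read", "client_id": "nightly-job",
               "exp": 2000000000}

if __name__ == "__main__":
    print(user_from_introspection(USER_BOUND, "batch.read"))
```

The backend should take the username only from the introspection response, never from a value the batch script sends alongside the token.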