Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/VvvvY7oxCFg Import Date: 2016-01-19 21:45:48 +0000.
Date:Wednesday, 13 January 2016 13:59:04 UTC.
I know it’s seemed a bit slow on the Tyk front of late, with only a small incremental update released so far since 1.9, but we’ve actually been very hard at work, trying to solve a core problem that you seem to be having: Federating identity to third parties.
Now what the heck is that?
Basically, we have a lot of emails that go something like this:
How can I hook up my portal to Active Directory or LDAP?
How can I hook up my dashboard to Active Directory or LDAP?
How can I let people log into my Portal with their Github account?
How can I have a third-party OAuth provider (such as Google+ or Twitter) create an OAuth token for my Tyk API?
How can I get my custom, legacy database to log users into the portal/dashboard?
This is a problem that arises a lot in the API space, with legacy identity systems floating around, or centralised identity services being used by larger organisations that have an existing user cache they want to give access to an app, site, portal, webapp or whatever but that needs a connector to work with their gateway.
The way this would be traditionally done is via some glue code somewhere that translates an identity providers response into an action in the gateway to enable access to a new API without having to add each user manually to the gateway beforehand.
The Tyk Identity Broker is essentially a standards-based, tyk-specific (but not necessarily) service component that you can send traffic through to handle all of your third-party authentication needs, much like the AWS Security Token Service, allowing temporary credentials to be generated using third party approvals.
Need to integrate the portal/dashboard/gateway with LDAP? TIB is the answer
Need to integrate the portal/dashboard/gateway app with Google+? TIB is the answer
Need to integrate the portal/dashboard/gateway app with Github/Twitter/OAuth? TIB is the answer!
Need to integrate the portal/dashboard/gateway app with a legacy login? TIB is the answer
Need to integrate the portal/dashboard/gateway app with programatic access? TIB. is. the. answer.
The Tyk identity Broker does all of the above, and more
In essence, TIB combines a series of pluggable, easy to develop and extend “Identity Providers” with a series of pluggable, easy to extend and standardised “Identity Handler Actions”, creating a bridge via which you can authenticate your users and use Tyk API Gateway’s capabilities without overhead (and it’s dynamically configurable via a REST API too).
Out of the box, we’ve got a Social OAuth handler for multiple providers, an LDAP adapter and a Proxy Provider (a generic validator for proxied HTTP requests). Actions that TIB can do with data from these providers is:
Create a token and deliver it as a fragment (similar to OAuth but using standard tokens), or as a JSON response
Create an OAuth access token or auth token and deliver it as a fragment as part of a standard OAuth flow
Create a portal user and log them into your portal
Create a dashboard session and log the user into your dashboard
A typical experience using TIB for an end user would be:
User selects “Log in with Github” in your app
Request is routed through TIB and user sees the Github authorisation page
User is returned to your app, your app takes the token that Tyk has generated for it and uses it to access your Tyk-powered API!
A completely seamless, OAuth-standard approach without any glue code, only a simple configuration profile.
To get a feel for how it works, please see the wiki page on github, since this is our first release, we’re not doing packaged releases yet until we’re happy with it and we feel that it’s something everyone wants and is using. But once we’re happy with it, you can expect it to be available across all the main repos soon enough.
Tyk Identity Broker is open source, under the MPL v2.0 license and we’re openly encouraging users to contribute more providers, handlers and access methods.
To get started, take a look at the requirements (if you have Tyk running, you don’t need anything), download it from the releases page, and install it. Then try one of the early examples in the docs (which are open, please contribute!).
Any feedback, questions or bribes, you know where to find us