Setting up TIB and compatibility of TIB

Hi,

  1. As I run the tib in the first picture and get a “no SESSION_SECRET…” message. I tried calling the TIB restful api to list the profiles with POSTMAN and I get a 404 response. Any Setting that I have missed? Do you have an suggestion?

  2. Moreover, is it possible that I use SSOCIRCLE login to access the protected resources from tyk. Could TIB help me to handle the handshake with SSOCIRCLE?

Thank you very much.

Just set the SESSION_SECRET environment variable in your env running TIB, it encrypts cookies when using the social plugins

As for the 404, the URL is probably wrong, remove the trailing slash.

Potentially, we’ve not worked with it, we try not to do specific integrations, but if it supports generic OAuth or some other mechanisms it would be easy to fork TIB and add a handler OR use the proxy provider to MITM the auth.

Thank you for your reply.

For question 2, SSOCIRCLE needs a SAML request. Is it possible TIB can handle this? Or I need to handle the SAML request first before using it to generate access_token to access tyk protected resources?

I see, TIB doesn’t do SAML yet, but it’s on the roadmap :slight_smile:

How about the identity provider use openID connect, does TIB support this?

Lol, not yet, the full list of handlers is here:

https://tyk.io/docs/tyk-identity-broker/identity-providers/

Basically, the Social ones implement OAuth in various forms, we are working on a generic OAuth handler, but since we are based on the Goth social integration plugin with Golang, it is very easy to write your own OAuth handler and plug it into TIB.

The Proxy Provider is the most flexible, it basically proxies an auth request to an IDP and analyses the response, if the response passes the tests, then the request is considered authenticated and triggers an appropriate handler action.

As I said, on the roadmap are:

  1. JWT validation / token exchange
  2. SAML token exchange
  3. OpenID connect (this will probably be core Tyk Gateway)