When I run TIB as in the first picture, I get a “no SESSION_SECRET…” message. I tried calling the TIB RESTful API to list the profiles with POSTMAN and I get a 404 response. Is there any setting that I have missed? Do you have a suggestion?
Moreover, is it possible for me to use SSOCIRCLE login to access the protected resources from Tyk? Could TIB help me to handle the handshake with SSOCIRCLE?
Just set the SESSION_SECRET environment variable in your env running TIB; it encrypts cookies when using the social plugins.
As for the 404, the URL is probably wrong; remove the trailing slash.
Potentially. We’ve not worked with it; we try not to do specific integrations, but if it supports generic OAuth or some other mechanisms, it would be easy to fork TIB and add a handler, or use the proxy provider to MITM the auth.
For question 2, SSOCIRCLE needs a SAML request. Is it possible for TIB to handle this? Or do I need to handle the SAML request first, before using it to generate an access_token to access Tyk protected resources?
Basically, the Social ones implement OAuth in various forms. We are working on a generic OAuth handler, but since we are based on the Goth social integration plugin with Golang, it is very easy to write your own OAuth handler and plug it into TIB.
The Proxy Provider is the most flexible: it basically proxies an auth request to an IDP and analyses the response. If the response passes the tests, then the request is considered authenticated and triggers an appropriate handler action.
As I said, on the roadmap are:
JWT validation / token exchange
SAML token exchange
OpenID Connect (this will probably be core Tyk Gateway)
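
The proxy-provider flow described in the thread (forward the auth request to an IdP, test the response, authenticate only if every test passes), as an added Go example that is not TIB's own code and not part of the original posts. The names `ProxyCheck`, `TargetURL`, `OKCode`, `OKBody` and `Demo` are hypothetical, and the identity provider and credentials are a constructed local stand-in.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// ProxyCheck: tests applied to the IdP response (hypothetical names, not TIB config keys).
type ProxyCheck struct {
	TargetURL string         // IdP endpoint the login request is forwarded to
	OKCode    int            // status code the IdP must return
	OKBody    *regexp.Regexp // pattern the body must match; nil skips the test
}

// Authenticate forwards the form body to the IdP and reports whether the response
// passes every test. Any transport or read error fails closed.
func (p ProxyCheck) Authenticate(form string) bool {
	resp, err := http.Post(p.TargetURL, "application/x-www-form-urlencoded", strings.NewReader(form))
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // bound what we inspect
	if err != nil || resp.StatusCode != p.OKCode {
		return false
	}
	return p.OKBody == nil || p.OKBody.Match(body)
}

// Demo runs one good and one bad login against a constructed stand-in IdP that
// answers 200 even on failure, which is why the body test matters.
func Demo() (good, bad bool) {
	idp := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.PostFormValue("user") == "alice" && r.PostFormValue("pass") == "s3cret" {
			fmt.Fprint(w, `{"status":"ok"}`)
			return
		}
		fmt.Fprint(w, `{"status":"denied"}`)
	}))
	defer idp.Close()
	check := ProxyCheck{idp.URL, http.StatusOK, regexp.MustCompile(`"status":"ok"`)}
	return check.Authenticate("user=alice&pass=s3cret"), check.Authenticate("user=alice&pass=guess")
}

func main() {
	good, bad := Demo()
	fmt.Println("valid login authenticated:", good, "| invalid login authenticated:", bad)
}
```

A status-code test alone would accept the failed login here, since the stand-in IdP returns 200 for both outcomes; the body pattern is what separates them.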