SlideShare a Scribd company logo
1 of 31
Download to read offline
January 21, 2021
Session 20
Hello!
Menaka Jayawardena
menaka@wso2.com
Agenda
● Recap
● An overview of key manager connectors in WSO2 API
Manager
● Implementing a custom key manager connector
● GUI features of the connectors for easier configuration
● Event-based token revocation
● Q&A
Agenda
4
Recap from Community Call #10
Quick Recap
● Key manager as a component
● Operations of Key Manager
⦿ Token generation/ revocation
⦿ Authentication and authorization
⦿ Federation and more...
● How Key Manager is evolved
⦿ Before AM 1.9.0 : Tightly coupled Key Manager
⦿ AM 1.9 - 3.1.0 : Key Manager extensions
⦿ From 3.2.0 : Connectors and pure 3rd party key managers
Watch API Key Manager (Community Call #10) @ API Life on YouTube
6
An Overview of Key Manager Connectors
in WSO2 API Manager
Why 3rd Party Key Managers and Why We Need a Connector?
We have to use a 3rd party Key Manager because
● Organization/ Client already has a key management solution in place
● Organizational policies
We need a connector because, key managers
● Can have different set of configurations
● Support different functionalities
● Use different API endpoints, etc.
8
API Manager
Scenario
Key Manager: foo
Key Manager: bar
9
Key Manager: foo
Key Manager: bar
API Manager
Scenario
Foo Connector
Bar Connector
10
Key Manager Connector Functionality
Create/ Get / Update/ Delete OAuth applications
Generate access tokens
Token introspection
Connector Key Manager
11
Advantages of a Key Manager Connector
● Easily deployable
● Configure multiple Key Managers at the same time
● Configurable per API
● No file-based configurations
12
Available Key Manager Connectors
● WSO2 Identity Server
● Okta
● Key Cloak
● Ping
● Auth0
13
Implementing a Custom Key Manager
Connector
How a Key Manager Connector is Implemented
● Carbon feature project (OSGI bundle)
● Uses Key Manager’s public APIs
● Extends AbstractKeyManager class
⦿ Overrides common key manager functions
⦾ Creating applications
⦾ Generating tokens, etc.
● Implements KeyManagerConnectorConfiguration
⦿ Defines Key Manager specific configuration options
⦾ Required admin credentials
⦾ Application related configuration
15
Project Structure
● Component
⦿ The implementation of the connector
(source code)
● Feature
⦿ Builds the component zip file with all the
required resources
More info: How to write a WSO2 Carbon
Component
16
Auth0OAuthClient.java
● Extends the AbstractKeyManager class
● Overrides required methods
Method Description
loadConfiguration() Loads the key manager configuration and initializes
the key manager client
createApplication() Creates oauth application in key manager
getNewApplicationAccessToken() Generates access token
getTokenMetaData() Validates and gets token information
17
Auth0ConnectorConfiguration.java
● Implements the KeyManagerConnectorConfiguration class
● Service component of the connector
● Used to define key manager specific configuration parameters
● Dynamically generates the UI
Method Description
getConnectionConfigurations() Returns the key manager’s connection related
configuration, i.e credentials, token endpoint.
getApplicationConfigurations() Creates oauth application in key manager
getType() Returns the key manager type
getDisplayName() Returns the key manager’s configured display name
18
Build and Deploy
● Build the project with maven
mvn clean install
● Copy
{PROJECT_HOME}/components/<package-name>/target/{CONNECTOR_NAME}-{Versio
n}.jar file into {API-M_HOME}/repository/components/dropins directory
● Start WSO2 API Manager server
./wso2server.sh or wso2server.bat
19
GUI Features of the Connector for Easier
Configuration
GUI Features of a Key Manager Connector
● Use the WSO2 API Manager admin portal to add a Key Manager
● UI based, dynamic configuration generation for KM specific configs
⦿ Connection and application configuration
● API and application level Key Manager configuration
⦿ Select which key manager should be used with an API
⦿ Configure key manager specific application parameters
21
Dynamic Configuration Generation - Admin Portal
Admin Portal > Key Managers > Add New Key Manager > Auth0
Configuration related to Key
Manager APIs
22
Dynamic Configuration Generation - Developer Portal
Developer Portal > Application > Oauth2 Tokens
Configuration related to applications
created in the Key Manager
23
Event-based Token Revocation
Event-based Token Revocation
● Gateway caches need to be invalidated and revoked token information should
be persisted upon revocation
● When Key Manager is externalized, there should be a system to notify the
gateways
● Key Manager should send the revoked token information (WSO2 Identity Server
- Revocation Event, Okta: Event Hooks)
● Depends on different Key Managers
● Currently implemented for WSO2 Identity Server
25
Event-based Token Revocation - Message Flow
● User invokes the revoke endpoint with the token to be revoked
● Key Manager invokes the /internal/data/v1/notify endpoint of Traffic Manager
with revoked token information
● Traffic Manager processes the revoke token information, persists the revoked
token signature in DB
● Traffic Manager generates the token revocation event and sends to the gateway
via JMS
● Gateway invalidates the token caches relevant to the revoked token
● The revoked token jti is added in to the revoked token map in Gateway
26
Event-based Token Revocation - Message Flow
/revoke /internal/data/v1/notify Token Revocation Event
Key Manager
HTTP HTTP JMS
Token Info (jti, etc)
27
Persist revoked token
signature
AM_DB
● Invalidate token
Cache
● Updates Revoked
token map
More Info
● API Key Manager (Community Call #10) @API Life
https://www.youtube.com/watch?v=a37MHagB8So&list=PLC7QzKjxCjo2GBxV
c0Rr0LXyNryZVwAts&index=9
● Securing APIs with WSO2 API Manager and Okta, WSO2 Webinar
https://www.youtube.com/watch?v=z9mXnC-0clo
28
Question Time!
30
Next Session
● Thursday, February 18, 2021
● Click on the community call page link to get notified of the next call or submit
your topic suggestions
⦿ Page - https://wso2.com/community/api-management/#CommunityCall
● You can join our ongoing conversations on WSO2 API Manager using the following
channels
⦿ Slack invite - apim-slack.wso2.com
⦿ Twitter - @wso2apimanager
⦿ Email - dev@wso2.org
● You can find out more about our product by visiting
⦿ YouTube - bit.do/wso2apimanager
⦿ Website - WSO2
30
Thanks!

More Related Content

What's hot

Apache Arrow Flight Overview
Apache Arrow Flight OverviewApache Arrow Flight Overview
Apache Arrow Flight OverviewJacques Nadeau
 
The 12 Factor App
The 12 Factor AppThe 12 Factor App
The 12 Factor Apprudiyardley
 
Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...
Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...
Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...InfluxData
 
Data Ingest Self Service and Management using Nifi and Kafka
Data Ingest Self Service and Management using Nifi and KafkaData Ingest Self Service and Management using Nifi and Kafka
Data Ingest Self Service and Management using Nifi and KafkaDataWorks Summit
 
Openstack live migration
Openstack live migrationOpenstack live migration
Openstack live migrationymtech
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​NGINX, Inc.
 
Observability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptxObservability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptxMagnus Johansson
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceNGINX, Inc.
 
Real-time Twitter Sentiment Analysis and Image Recognition with Apache NiFi
Real-time Twitter Sentiment Analysis and Image Recognition with Apache NiFiReal-time Twitter Sentiment Analysis and Image Recognition with Apache NiFi
Real-time Twitter Sentiment Analysis and Image Recognition with Apache NiFiTimothy Spann
 
Deploying a Low-Latency Multiplayer Game Globally: Loadout
Deploying a Low-Latency Multiplayer Game Globally: Loadout Deploying a Low-Latency Multiplayer Game Globally: Loadout
Deploying a Low-Latency Multiplayer Game Globally: Loadout Amazon Web Services
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023VMware Tanzu
 
Building a fully managed stream processing platform on Flink at scale for Lin...
Building a fully managed stream processing platform on Flink at scale for Lin...Building a fully managed stream processing platform on Flink at scale for Lin...
Building a fully managed stream processing platform on Flink at scale for Lin...Flink Forward
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Stenio Ferreira
 
Enabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven EnterpriseEnabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven EnterpriseSolace
 
KFServing and Kubeflow Pipelines
KFServing and Kubeflow PipelinesKFServing and Kubeflow Pipelines
KFServing and Kubeflow PipelinesAnimesh Singh
 

What's hot (20)

Apache Arrow Flight Overview
Apache Arrow Flight OverviewApache Arrow Flight Overview
Apache Arrow Flight Overview
 
The 12 Factor App
The 12 Factor AppThe 12 Factor App
The 12 Factor App
 
Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...
Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...
Tanny Ng, Nadeem Syed [WP Engine] | How WP Engine Transformed Monitoring Into...
 
Data Ingest Self Service and Management using Nifi and Kafka
Data Ingest Self Service and Management using Nifi and KafkaData Ingest Self Service and Management using Nifi and Kafka
Data Ingest Self Service and Management using Nifi and Kafka
 
Zero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
 
Openstack live migration
Openstack live migrationOpenstack live migration
Openstack live migration
 
API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​API Gateway Use Cases​ for Kubernetes​
API Gateway Use Cases​ for Kubernetes​
 
Docker Container
Docker ContainerDocker Container
Docker Container
 
Observability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptxObservability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptx
 
Installing and Configuring NGINX Open Source
Installing and Configuring NGINX Open SourceInstalling and Configuring NGINX Open Source
Installing and Configuring NGINX Open Source
 
Real-time Twitter Sentiment Analysis and Image Recognition with Apache NiFi
Real-time Twitter Sentiment Analysis and Image Recognition with Apache NiFiReal-time Twitter Sentiment Analysis and Image Recognition with Apache NiFi
Real-time Twitter Sentiment Analysis and Image Recognition with Apache NiFi
 
Deploying a Low-Latency Multiplayer Game Globally: Loadout
Deploying a Low-Latency Multiplayer Game Globally: Loadout Deploying a Low-Latency Multiplayer Game Globally: Loadout
Deploying a Low-Latency Multiplayer Game Globally: Loadout
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
 
Building a fully managed stream processing platform on Flink at scale for Lin...
Building a fully managed stream processing platform on Flink at scale for Lin...Building a fully managed stream processing platform on Flink at scale for Lin...
Building a fully managed stream processing platform on Flink at scale for Lin...
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
 
Dataflow with Apache NiFi
Dataflow with Apache NiFiDataflow with Apache NiFi
Dataflow with Apache NiFi
 
CICD with Jenkins
CICD with JenkinsCICD with Jenkins
CICD with Jenkins
 
Enabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven EnterpriseEnabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven Enterprise
 
KFServing and Kubeflow Pipelines
KFServing and Kubeflow PipelinesKFServing and Kubeflow Pipelines
KFServing and Kubeflow Pipelines
 
Vault
VaultVault
Vault
 

Similar to Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager Community Call (1/21/2021)

[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseBahman Kalali
 
WSO2 API Microgateway for Easier Development and Greater Scalability
WSO2 API Microgateway for Easier Development and Greater ScalabilityWSO2 API Microgateway for Easier Development and Greater Scalability
WSO2 API Microgateway for Easier Development and Greater ScalabilityWSO2
 
Flink Forward San Francisco 2019: Building Financial Identity Platform using ...
Flink Forward San Francisco 2019: Building Financial Identity Platform using ...Flink Forward San Francisco 2019: Building Financial Identity Platform using ...
Flink Forward San Francisco 2019: Building Financial Identity Platform using ...Flink Forward
 
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...apidays
 
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...WSO2
 
How to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEHow to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEFederico Fernández Moreno
 
How to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEHow to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEFIWARE
 
[Workshop] API Management in Microservices Architecture
[Workshop] API Management in Microservices Architecture[Workshop] API Management in Microservices Architecture
[Workshop] API Management in Microservices ArchitectureWSO2
 
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakHitachi, Ltd. OSS Solution Center.
 
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?WSO2
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
 
WMUG NL Tuesday - Latest and greatest in the world of Configuration Manager
WMUG NL Tuesday - Latest and greatest in the world of Configuration ManagerWMUG NL Tuesday - Latest and greatest in the world of Configuration Manager
WMUG NL Tuesday - Latest and greatest in the world of Configuration ManagerTim De Keukelaere
 
How to Create Blockchain Products by Slice.Market CTO
How to Create Blockchain Products by Slice.Market CTOHow to Create Blockchain Products by Slice.Market CTO
How to Create Blockchain Products by Slice.Market CTOProduct School
 
Bulletproof Microservices with Spring and Kubernetes
Bulletproof Microservices with Spring and KubernetesBulletproof Microservices with Spring and Kubernetes
Bulletproof Microservices with Spring and KubernetesVMware Tanzu
 

Similar to Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager Community Call (1/21/2021) (20)

[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager[Webinar] WSO2 API Microgateway with Okta as Key Manager
[Webinar] WSO2 API Microgateway with Okta as Key Manager
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use case
 
WSO2 API Microgateway for Easier Development and Greater Scalability
WSO2 API Microgateway for Easier Development and Greater ScalabilityWSO2 API Microgateway for Easier Development and Greater Scalability
WSO2 API Microgateway for Easier Development and Greater Scalability
 
Flink Forward San Francisco 2019: Building Financial Identity Platform using ...
Flink Forward San Francisco 2019: Building Financial Identity Platform using ...Flink Forward San Francisco 2019: Building Financial Identity Platform using ...
Flink Forward San Francisco 2019: Building Financial Identity Platform using ...
 
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...INTERFACE, by apidays  - The Evolution of API Security by Johann Dilantha Nal...
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nal...
 
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic...
 
How to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GEHow to Install and Configure your own Identity Manager GE
How to Install and Configure your own Identity Manager GE
 
How to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GEHow to Install & Configure Your Own Identity Manager GE
How to Install & Configure Your Own Identity Manager GE
 
Meetup bangalore-may22nd2021
Meetup bangalore-may22nd2021Meetup bangalore-may22nd2021
Meetup bangalore-may22nd2021
 
Building APIs with Mule and Spring Boot
Building APIs with Mule and Spring BootBuilding APIs with Mule and Spring Boot
Building APIs with Mule and Spring Boot
 
[Workshop] API Management in Microservices Architecture
[Workshop] API Management in Microservices Architecture[Workshop] API Management in Microservices Architecture
[Workshop] API Management in Microservices Architecture
 
Sprint 82
Sprint 82Sprint 82
Sprint 82
 
Mikrotik API
Mikrotik APIMikrotik API
Mikrotik API
 
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
 
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 
WMUG NL Tuesday - Latest and greatest in the world of Configuration Manager
WMUG NL Tuesday - Latest and greatest in the world of Configuration ManagerWMUG NL Tuesday - Latest and greatest in the world of Configuration Manager
WMUG NL Tuesday - Latest and greatest in the world of Configuration Manager
 
ProjectReport_Subhayu
ProjectReport_SubhayuProjectReport_Subhayu
ProjectReport_Subhayu
 
How to Create Blockchain Products by Slice.Market CTO
How to Create Blockchain Products by Slice.Market CTOHow to Create Blockchain Products by Slice.Market CTO
How to Create Blockchain Products by Slice.Market CTO
 
Bulletproof Microservices with Spring and Kubernetes
Bulletproof Microservices with Spring and KubernetesBulletproof Microservices with Spring and Kubernetes
Bulletproof Microservices with Spring and Kubernetes
 

More from WSO2

How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 
API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)WSO2
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...WSO2
 
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It![ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!WSO2
 

More from WSO2 (20)

How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 
API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
 
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It![ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
[ICT Spring 2021] - Managed Crowd: The Future of Business as We Know It!
 

Recently uploaded

Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 

Recently uploaded (20)

Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 

Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager Community Call (1/21/2021)

  • 4. ● Recap ● An overview of key manager connectors in WSO2 API Manager ● Implementing a custom key manager connector ● GUI features of the connectors for easier configuration ● Event-based token revocation ● Q&A Agenda 4
  • 6. Quick Recap ● Key manager as a component ● Operations of Key Manager ⦿ Token generation/ revocation ⦿ Authentication and authorization ⦿ Federation and more... ● How Key Manager is evolved ⦿ Before AM 1.9.0 : Tightly coupled Key Manager ⦿ AM 1.9 - 3.1.0 : Key Manager extensions ⦿ From 3.2.0 : Connectors and pure 3rd party key managers Watch API Key Manager (Community Call #10) @ API Life on YouTube 6
  • 7. An Overview of Key Manager Connectors in WSO2 API Manager
  • 8. Why 3rd Party Key Managers and Why We Need a Connector? We have to use a 3rd party Key Manager because ● Organization/ Client already has a key management solution in place ● Organizational policies We need a connector because, key managers ● Can have different set of configurations ● Support different functionalities ● Use different API endpoints, etc. 8
  • 9. API Manager Scenario Key Manager: foo Key Manager: bar 9
  • 10. Key Manager: foo Key Manager: bar API Manager Scenario Foo Connector Bar Connector 10
  • 11. Key Manager Connector Functionality Create/ Get / Update/ Delete OAuth applications Generate access tokens Token introspection Connector Key Manager 11
  • 12. Advantages of a Key Manager Connector ● Easily deployable ● Configure multiple Key Managers at the same time ● Configurable per API ● No file-based configurations 12
  • 13. Available Key Manager Connectors ● WSO2 Identity Server ● Okta ● Key Cloak ● Ping ● Auth0 13
  • 14. Implementing a Custom Key Manager Connector
  • 15. How a Key Manager Connector is Implemented ● Carbon feature project (OSGI bundle) ● Uses Key Manager’s public APIs ● Extends AbstractKeyManager class ⦿ Overrides common key manager functions ⦾ Creating applications ⦾ Generating tokens, etc. ● Implements KeyManagerConnectorConfiguration ⦿ Defines Key Manager specific configuration options ⦾ Required admin credentials ⦾ Application related configuration 15
  • 16. Project Structure ● Component ⦿ The implementation of the connector (source code) ● Feature ⦿ Builds the component zip file with all the required resources More info: How to write a WSO2 Carbon Component 16
  • 17. Auth0OAuthClient.java ● Extends the AbstractKeyManager class ● Overrides required methods Method Description loadConfiguration() Loads the key manager configuration and initializes the key manager client createApplication() Creates oauth application in key manager getNewApplicationAccessToken() Generates access token getTokenMetaData() Validates and gets token information 17
  • 18. Auth0ConnectorConfiguration.java ● Implements the KeyManagerConnectorConfiguration class ● Service component of the connector ● Used to define key manager specific configuration parameters ● Dynamically generates the UI Method Description getConnectionConfigurations() Returns the key manager’s connection related configuration, i.e credentials, token endpoint. getApplicationConfigurations() Creates oauth application in key manager getType() Returns the key manager type getDisplayName() Returns the key manager’s configured display name 18
  • 19. Build and Deploy ● Build the project with maven mvn clean install ● Copy {PROJECT_HOME}/components/<package-name>/target/{CONNECTOR_NAME}-{Versio n}.jar file into {API-M_HOME}/repository/components/dropins directory ● Start WSO2 API Manager server ./wso2server.sh or wso2server.bat 19
  • 20. GUI Features of the Connector for Easier Configuration
  • 21. GUI Features of a Key Manager Connector ● Use the WSO2 API Manager admin portal to add a Key Manager ● UI based, dynamic configuration generation for KM specific configs ⦿ Connection and application configuration ● API and application level Key Manager configuration ⦿ Select which key manager should be used with an API ⦿ Configure key manager specific application parameters 21
  • 22. Dynamic Configuration Generation - Admin Portal Admin Portal > Key Managers > Add New Key Manager > Auth0 Configuration related to Key Manager APIs 22
  • 23. Dynamic Configuration Generation - Developer Portal Developer Portal > Application > Oauth2 Tokens Configuration related to applications created in the Key Manager 23
  • 25. Event-based Token Revocation ● Gateway caches need to be invalidated and revoked token information should be persisted upon revocation ● When Key Manager is externalized, there should be a system to notify the gateways ● Key Manager should send the revoked token information (WSO2 Identity Server - Revocation Event, Okta: Event Hooks) ● Depends on different Key Managers ● Currently implemented for WSO2 Identity Server 25
  • 26. Event-based Token Revocation - Message Flow ● User invokes the revoke endpoint with the token to be revoked ● Key Manager invokes the /internal/data/v1/notify endpoint of Traffic Manager with revoked token information ● Traffic Manager processes the revoke token information, persists the revoked token signature in DB ● Traffic Manager generates the token revocation event and sends to the gateway via JMS ● Gateway invalidates the token caches relevant to the revoked token ● The revoked token jti is added in to the revoked token map in Gateway 26
  • 27. Event-based Token Revocation - Message Flow /revoke /internal/data/v1/notify Token Revocation Event Key Manager HTTP HTTP JMS Token Info (jti, etc) 27 Persist revoked token signature AM_DB ● Invalidate token Cache ● Updates Revoked token map
  • 28. More Info ● API Key Manager (Community Call #10) @API Life https://www.youtube.com/watch?v=a37MHagB8So&list=PLC7QzKjxCjo2GBxV c0Rr0LXyNryZVwAts&index=9 ● Securing APIs with WSO2 API Manager and Okta, WSO2 Webinar https://www.youtube.com/watch?v=z9mXnC-0clo 28
  • 30. 30 Next Session ● Thursday, February 18, 2021 ● Click on the community call page link to get notified of the next call or submit your topic suggestions ⦿ Page - https://wso2.com/community/api-management/#CommunityCall ● You can join our ongoing conversations on WSO2 API Manager using the following channels ⦿ Slack invite - apim-slack.wso2.com ⦿ Twitter - @wso2apimanager ⦿ Email - dev@wso2.org ● You can find out more about our product by visiting ⦿ YouTube - bit.do/wso2apimanager ⦿ Website - WSO2 30