OAuth2-protected REST APIs
Content:
Introduction
Many tools from Hadoop Ecosystem, and others added by Cosmos Ecosystem, expose REST APIs. These APIs are not usually secured in terms of authentication nor authorization. Even in the case they provide any means of authenticating/authorizing the users, the mechanisms for doing so may be very heterogeneous.
For instance, WebHDFS, a RESTful API for I/O operations on the stored data, is installed as part of the HDFS service. This API provides several native authentication mechanisms that can be enabled (or not) in order to secure your API. Nevertheless, authorization is not natively provided and any other solution from Hadoop ecosystem should be used.
However, you can add authentication and authorization features to WebHDFS in a single step by integrating with FIWARE's Identity Manager (IdM) and Access Control (AC), which are in charge of authentication and authorization respectively. This kind of integration is done thanks to a proxy that intercepts the calls to remote RESTful APIs and enforces they are authenticated against the IdM and authorized against the AC. Mode details on the architecture can be found here. The whole picture is completed by adding an OAuth2 Tokens Generator, since everything works based on OAuth2.
Installation
Please refer to this Installation and Administration Guide in order to install Wilma PEP Proxy.
Please refer to the installation section of the README in Github in order to install the OAuth2 Tokens Generator.
Configuration
Please refer to this Installation and Administration Guide in order to configure Wilma PEP Proxy.
Please refer to the configuration section of the README in Github in order to configure the OAuth2 Tokens Generator.
Running
Please refer to this Installation and Administration Guide in order to run Wilma PEP Proxy.
Please refer to the running section of the README in Github in order to configure the OAuth2 Tokens Generator.
Administration
Please refer to this Installation and Administration Guide in order to administrate Wilma PEP Proxy.
Please refer to the administration section of the README in Github in order to configure the OAuth2 Tokens Generator.