DPUser14
89 Posts

Pinned topic RSA & OAuth V1 Implementation

‏2014-06-10T14:31:32Z |

Hi

We are trying to provide Short Term API Security Deployment solutions to our client. We are planning to use RSA & OAuth V1 for implementation.

Wondering if anybody has exposure to the above solution. We would appreciate it if you shared your input.

 

  • alanholc
    59 Posts

    Re: RSA & OAuth V1 Implementation

    ‏2014-06-10T16:30:22Z  

    I don't believe OAuth V1 is built in to DP; however, V2 is built in.

    I was able to successfully build a client in DP using OAuth V1 about a year or so back.

    I will try to consolidate my notes and post it here in the next day or two.

  • HermannSW
    6128 Posts

    Re: RSA & OAuth V1 Implementation

    ‏2014-06-10T17:59:17Z  

    No OAuth V1 support on DataPower, from InfoCenter on "Supported standards and protocols":
    http://pic.dhe.ibm.com/infocenter/wsdatap/v6r0m1/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2FrelnotesXI.html

    ...

    Security policy enforcement

    • OAuth 2.0

    ...

    Hermann.

  • DPUser14
    89 Posts

    Re: RSA & OAuth V1 Implementation

    ‏2014-06-11T14:02:48Z  
    Hi,

    Thanks for the info.

    Alanholc, please provide the info once you get it.

  • alanholc
    59 Posts

    Re: RSA & OAuth V1 Implementation

    ‏2014-06-18T14:56:47Z  
    After re-reading your post, it seems you are looking at implementing the server-side OAuth. I believe that's do-able, but I don't have any examples of that...

    The only 'good' example I can provide is a client to call the Yahoo Placefinder BOSS API to return lat,long coordinates...

    If the XSL is of any help, I'm copying it in below. I tried to break out each step so someone could see what it is doing...

    This can be used to test with - I commented out the output pieces that can be used to check the values as it progresses.

    Basically it receives a 'location' parameter (an address)  from a service call, then builds a RESTful URL to be passed on to the Yahoo Placefinder service.

    Of course the oAuthUser and oAuthSecret parameters would have to be passed as well...

    Hope this is at least of some use...

     

    > edit... ok - I attached the thing... can't figure out the code pasting in here...

    Updated on 2014-06-18T15:09:24Z by alanholc
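
The flow described in the post above (take a 'location', build a signed RESTful URL), as an added Python example that is not the attached XSL and not from any poster in this thread; it also includes the server-side check the original question asks about. Assumptions: two-legged OAuth 1.0 with HMAC-SHA1 per RFC 5849, oAuthUser and oAuthSecret treated as the consumer key and consumer secret, no repeated parameter names, and a placeholder endpoint rather than the real Yahoo URL.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return quote(str(value), safe="-._~")

def signature(method, base_url, params, oauth_secret):
    # Normalize parameters: encode, sort by name then value, join with '&'
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(base_url), pct(normalized)])
    # Two-legged call: no token secret, so the key ends with a bare '&'
    key = pct(oauth_secret) + "&"
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base_string, normalized, base64.b64encode(digest).decode()

def sign_url(base_url, query, oauth_user, oauth_secret, nonce, timestamp):
    params = dict(query, oauth_consumer_key=oauth_user, oauth_nonce=nonce,
                  oauth_signature_method="HMAC-SHA1",
                  oauth_timestamp=str(timestamp), oauth_version="1.0")
    _, normalized, sig = signature("GET", base_url, params, oauth_secret)
    return f"{base_url}?{normalized}&oauth_signature={pct(sig)}"

def verify_url(url, oauth_secret):
    # Enforcement-point side: recompute over the received parameters and
    # compare in constant time. A real verifier also rejects stale
    # timestamps and replayed nonces, and looks the secret up by consumer key.
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("oauth_signature", "")
    base_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    _, _, expected = signature("GET", base_url, params, oauth_secret)
    return hmac.compare_digest(presented.encode(), expected.encode())

# Constructed sample values; the endpoint is a placeholder, not the Yahoo URL
SIGNED = sign_url("https://api.example.invalid/geocode",
                  {"location": "701 First Ave, Sunnyvale CA"},
                  "demo-key", "demo-secret", "abc123", 1403100000)

if __name__ == "__main__":
    print(SIGNED)
    print(verify_url(SIGNED, "demo-secret"))
```

The double encoding in the base string (a space becomes `%20` in the parameter, then `%2520` in the base string) is the step most often gotten wrong when porting this to another platform.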
  • snarif
    36 Posts

    Re: RSA & OAuth V1 Implementation

    ‏2014-06-27T15:47:37Z  

    See the article below, which shows DP acting as an enforcement point with TFIM as the PDP for OAuth 1.0. WS-Trust is used for communication between DP and TFIM; a similar approach can be employed with RSA.

     

    https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM+Security+Federated+Identity+Manager/page/OAuth+Policy+Enforcement+Point+example+for+DataPower