IBM OMS Gateway Operator overview
The IBM® OMS Gateway Operator is a lightweight, scalable application that provides consistent, secure access through JSON Web Token (JWT) to all the deployed back-end services.
The OMS Gateway is an API gateway component that secures the IBM Sterling Intelligent Promising container cluster APIs through a JWT verification process. Only JWT-based authentication is supported. All external API requests to the Sterling Intelligent Promising container cluster must carry a JWT. These tokens are verified by the OMS Gateway before the request is routed to the IBM Sterling Intelligent Promising container cluster. For more information, see omsGateway parameter.
Token verification through OMS Gateway application
The OMS Gateway application must be configured to access Sterling Intelligent Promising. The OMS Gateway only verifies tokens and does not issue any JSON Web Tokens. Each incoming request must carry a JWT as a bearer token in the authorization header. This token must be signed with the private key whose corresponding public key is configured in the OMS Gateway application. Ensure that the configured key is generated by using a supported algorithm. You can configure multiple keys per issuer. Every incoming request first passes through the JWT verification process. The verification process expects the JWT to have iss (token issuer name as configured in issuer configuration) and exp (token expiry) claims at minimum. Only the requests that have a valid JWT are passed to Sterling Intelligent Promising, and the response is returned to the caller. You must restart the OMS Gateway application if you modify the JWT issuer configuration.
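The verification steps described above, sketched as an added example that is not IBM's code: bearer-token extraction, required iss and exp claims, and a signature check against every public key configured for the issuer. It assumes RS256 as the algorithm (the page does not name the supported ones), an issuer configuration shaped as a dict of issuer name to a list of (n, e) public keys, and a constructed toy key; all function names are hypothetical.

```python
import base64, hashlib, json, time

# Constructed toy RSA key from two Mersenne primes so the example runs offline; never use it for real tokens.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(message, k):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(message), the padding RS256 uses
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_rs256(claims, n=N, d=D):
    # Plays the external issuer; the gateway described above never issues tokens.
    k = (n.bit_length() + 7) // 8
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), k), "big"), d, n)
    return f"{head}.{body}.{b64u(sig.to_bytes(k, 'big'))}"

def rsa_ok(signed, sig, n, e):
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    return len(sig) == k and s < n and pow(s, e, n) == int.from_bytes(emsa(signed, k), "big")

def verify_request(authorization, issuers, now=None):
    """Return the claims of an acceptable bearer token, else raise ValueError."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("missing or malformed bearer token")
    head, body, sig = token.split(".")
    header, claims = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unsupported algorithm")  # pinned here, not chosen by the token
    iss, exp = (claims.get("iss"), claims.get("exp")) if isinstance(claims, dict) else (None, None)
    if not isinstance(iss, str) or not isinstance(exp, (int, float)):
        raise ValueError("iss and exp claims are required")
    keys = issuers.get(iss, [])  # several keys per issuer, e.g. during key rotation
    if not any(rsa_ok(f"{head}.{body}".encode(), b64u_dec(sig), n, e) for n, e in keys):
        raise ValueError("unknown issuer or bad signature")
    if exp <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

The signature is checked before expiry so that no claim from an unauthenticated token influences the outcome beyond selecting which keys to try.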
OMS Gateway Skip Authentication feature
The OMS Gateway provides an authentication layer for Sterling Intelligent Promising through JWT verification. The Skip Authentication feature enables container users to optionally bypass the authentication layer within the OMS Gateway.
When this feature is enabled, the OMS Gateway can be configured in Bring Your Own Authentication (BYOA) mode. In BYOA mode, the authentication layer is skipped, and the Gateway assumes that authentication is handled externally.