Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

3scale by Red Hat API and Identity Management Series

March 6, 2018
Vinay Bhalerao
Related topics:
Security
Related products:
Red Hat 3scale API Management

Share:

    Today’s modern infrastructure faces the complex challenge of managing user’s access to the resources. To protect system and data integrity, companies have implemented identity and access management (IAM) solutions for their in-house systems. IAM solutions address three major concepts: identity, authentication, and authorization.  Their job is to ensure that only authenticated and authorized users have access to resources or information. Every IAM solution on the market provides a great set of features such as:

    • Single Sign-On (SSO)
    • Centralized policy-based authentication and authorization
    • Identity federation

    Sweet!! But what is the challenge here?

    In the past, it was simply a matter of which users had access to which systems.  Today there are multiple applications running on multiple devices that are accessing data and systems on behalf of users. There is pressure to provide APIs (such as RESTful interfaces) to all systems for agility, and to enable business process automation. As a result, it has become nearly impossible for organizations to understand which apps are accessing which resources and to provide comprehensive access controls. Fortunately, API management technology is available to provide:

    • Security and authentication (API key, OAuth2.0, etc.)
    • Rate limiting and throttling policies
    • Monitoring and analytics
    • Metering and billing (monetization)
    • Developer experience (Content Management System)
    • and more..

    3scale by Red Hat is Red Hat's API management platform.

    Some may consider IAM and API management to be separate solutions in separate domains. While each does serve a unique purpose, in my view, there is an overlap where access by client applications are concerned. See the following illustration:

    Intersection of two domains

    There are many Identity Providers (IdP) in the market (Red Hat Single Sign-On, Forgerock, Ping Identity, Auth0, Okta, etc.). The challenge is integration between these IdPs and an API management solution. 3scale by Red Hat, with its pluggable and scalable architecture, can easily integrate with the popular IdPs. This is my motivation to start this series of blog articles on 3scale by Red Hat integration with several different IdPs.

    Below are few resources that will help you to better understand OpenID connect (OIDC) and JSON Web Token (JWT):

    • OpenID connect explained
    • Overview of OpenID connect
    • OpenID connect core specification
    • RFC 7519: JSON Web Token

    Let’s dive into the technical details.

    To stay consistent throughout the series, I'll stick to one use case to see how every IdP can be integrated using 3scale by Red Hat.

    Use case

    • A company we'll call Acme, has a subscription backend API endpoint that provides the subscriptions status for products to customers. They would like to expose the endpoint to customers, but want to do it in a secure fashion.
    • Acme would like to use an existing identity provider, and use the issued token to control access.

    Details
    Acme would like to identify the users using OIDC and generate a JWT token:

    • The JWT will be used for the API calls. The backend will extract the JWT, extract the user profile, pull the subscription information, and send back the API response.
    • To complete the handshake, we will be using OAuth2 Implicit Grant flow.

    Architecture

    Architecture diagram

    • The Client App sends an authorize request to 3scale by Red Hat.
    • The 3scale (API manager and API gateway) communicates with the IdP.
    • The IdP authenticates and authorizes the user.  It then generates a JWT for the API back-ends to consume.
    • The API back-end (the resource server) extracts the JWT and sends back a successful response.

    For more information, see the tutorial written by Hugo Guerrero, "HOW-TO setup 3scale OpenID Connect (OIDC) Integration with RH SSO".

    Red Hat Single Sign-On (RHSSO) is a certified OpenID Connect provider (source).

    The next article in this series will demonstrate how to integrate 3scale by Red Hat and Forgerock with the above use case.

    Last updated: September 3, 2019

    Recent Posts

    • Alternatives to creating bootc images from scratch

    • How to update OpenStack Services on OpenShift

    • How to integrate vLLM inference into your macOS and iOS apps

    • How Insights events enhance system life cycle management

    • Meet the Red Hat Node.js team at PowerUP 2025

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue