Securing your applications includes managing application and API authentication and authorization. {product-title} comes with a number of containerized services to meet these goals that developers can use when building their applications, including 3scale and Red Hat SSO.
APIs are key to applications composed of microservices. Such applications have multiple independent API services, leading to proliferation of service end points, which require additional tools for governance. In addition, Red Hat recommends using an API management tool. {product-title} now includes a containerized version of the 3scale API gateway for enhanced API security.
3scale gives you a variety of standard options for API authentication and security, which can be used alone or in combination to issue credentials and control access: Standard API keys, Application ID and key pair, and OAuth 2.0.
3scale’s access control features go beyond basic security and authentication. Application and account plans let you restrict access to specific end points, methods, and services and apply access policy for groups of users. Application plans allow you to set rate limits for API usage and control traffic flow for groups of developers.
Other features of 3scale include:
-
Set per-period limits for incoming API calls to protect your infrastructure and keep traffic flowing smoothly.
-
Automatically trigger overage alerts for applications that reach or exceed rate limits.
-
Define behavior for over-limit applications.
Web single sign-on (SSO) capabilities are a key part of modern applications. Based on the upstream Keycloak project, Red Hat SSO is a fully supported, out-of-the-box SAML 2.0 or OpenID Connect-based authentication, web single sign-on and federation service. Red Hat SSO 7.1 features client adapters for Red Hat JBoss Fuse and Red Hat JBoss Enterprise Application Platform (JBoss EAP).
Red Hat SSO 7.1 includes a new Node.js client adapter, which enables authentication and web single sign-on for Node.js applications. Red Hat SSO can be integrated with LDAP-based directory services including Microsoft Active Directory and Red Hat Enterprise Linux Identity Management. It also integrates with social login providers such as Facebook, Google, and Twitter.