Note that using this template is subject to the conditions of this License Agreement. Please review the terms of the license before downloading and using this template. In short, you are allowed to use the template for free with Mule ESB, CloudHub, or as a trial in Anypoint Studio.
The primary responsibility of an OAuth2 provider is to control access to protected resources. Playing the part of both the Authorization server and the Resource server, the OAuth provider module hosts the protected resources and issues tokens to access protected resources without sharing the resource owner's credentials with the client applications.
Applying this template will provide you with an OAuth provider custom-fitted for your organization that can be reused by all the APIs belonging to the organization, regardless of their Business Group. You will be able to use the HTTPS protocol as well as the authentication method that best meets your needs. In that regard, you are provided with two templates: a simple 1-user-1-password security provider (great for POCs) and a production security provider that can be configured using LDAP(S). Take into account that you are not restricted to those two authentication methods; you can implement your own flavor of authorization functionality.
You can also define different scopes on your OAuth provider and then restrict access to your API by enforcing that a token is provided which was requested from the provider with the same scope(s) specified when protecting the API.
It is assumed that you are familiar with the policy documentation.
The LDAP configuration is similar to the one described for the LDAP security provider policy. You will need to know:
- LDAP URL
- LDAP user DN
- LDAP password
- LDAP search base
- LDAP search filter
Simple steps to get the API Gateway External OAuth2 Provider running.
In this section we detail the way you should run your Anypoint Template on your computer.
The first thing to know if you are a newcomer to Anypoint Studio is where to get the tools.
- You can download Mule Studio from this location
Mule Studio offers several ways to import a project into the workspace, for instance:
- Directly from Anypoint Exchange
- Anypoint Studio generated Deployable Archive (.zip)
- Anypoint Studio Project from External Location
- Maven-based Mule Project from pom.xml
You can find a detailed description on how to do so in this Documentation Page.
Once you have imported your Anypoint Template into Anypoint Studio you need to follow these steps to run it:
- Locate the properties file mule.dev.properties in src/main/resources
- Complete all the properties required as per the examples in the section Properties to be configured
- Once that is done, right click on your Anypoint Template project folder
- Hover your mouse over "Run as"
- Click on "Mule Application"
Note: It is assumed that the runtime defined on your project is Mule 3.8.0 or greater.
Complete all properties in one of the property files, for example in mule.prod.properties, and run your app with the corresponding environment variables to use it (additional details can be found here). To follow the example, this will be mule.env=prod.
While creating your application on CloudHub (or you can do it later as a next step), you need to go to Deployment > Advanced to set all environment variables detailed in Properties to be configured as well as the mule.env.
Mule Studio provides you with a really easy way to deploy your Template directly to CloudHub; for the specific steps to do so please check this link.
In order to use this Mule Anypoint Template you need to configure properties (credentials, configurations, etc.) either in a properties file or in CloudHub as environment variables. Detailed list with examples:
- https.port: 8082 (follow the instructions that can be found here)
- key.store.password: mule123
- key.store.key.password: mule123
- key.store.path: keystore.jks
- ldap.userDn: <cn=Manager,dc=yourcompany,dc=com>
- ldap.password: <pass>
- ldap.url: <ldaps://ldap.cloudhub.io:3636>
- ldap.user.search.filter.1: <ou=people,dc=muleforge,dc=org>
- ldap.user.search.filter.2: <(uid={0})>
- validate.endpoint.path: aes/external/validate
- authorization.endpoint.path: aes/external/authorize
- access.token.endpoint.path: aes/external/access-token
- scopes: READ WRITE
- supported.grant.types: AUTHORIZATION_CODE RESOURCE_OWNER_PASSWORD_CREDENTIALS CLIENT_CREDENTIALS IMPLICIT (all supported types separated by spaces)
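The scope and grant-type model described above (the provider issues tokens only for configured grant types and scopes, the validate endpoint reports what a token carries, and the API policy admits only tokens holding every scope it was protected with), as an added, self-contained example that is not the template's own code. The property values are constructed copies of the list above; the provider class is a toy in-memory stand-in, not the Mule module.

```python
import secrets
import time

# Constructed copies of the property values listed above (not read from a real file).
PROPERTIES = {
    "scopes": "READ WRITE",
    "supported.grant.types": "AUTHORIZATION_CODE RESOURCE_OWNER_PASSWORD_CREDENTIALS "
                             "CLIENT_CREDENTIALS IMPLICIT",
    "access.token.endpoint.path": "aes/external/access-token",
    "validate.endpoint.path": "aes/external/validate",
}


def split_property(props, key):
    """Space-separated property values (scopes, grant types) become a set of names."""
    return set(props[key].split())


class OAuthProvider:
    """Toy stand-in for the template's authorization-server and resource-server roles."""

    def __init__(self, props, ttl_seconds=3600):
        self.scopes = split_property(props, "scopes")
        self.grant_types = split_property(props, "supported.grant.types")
        self.ttl = ttl_seconds
        self._tokens = {}  # opaque token -> (granted scopes, expiry timestamp)

    def access_token(self, grant_type, requested_scopes):
        """access-token endpoint: issue a token only for a configured grant type and scopes."""
        if grant_type not in self.grant_types:
            return {"error": "unsupported_grant_type"}
        granted = set(requested_scopes)
        if not granted <= self.scopes:
            return {"error": "invalid_scope"}
        token = secrets.token_urlsafe(24)  # opaque, unguessable bearer token
        self._tokens[token] = (granted, time.time() + self.ttl)
        return {"access_token": token, "token_type": "bearer",
                "scope": " ".join(sorted(granted))}

    def validate(self, token):
        """validate endpoint: report whether a token is live and which scopes it carries."""
        entry = self._tokens.get(token)
        if entry is None or entry[1] < time.time():
            return {"valid": False}
        return {"valid": True, "scopes": set(entry[0])}


def api_allows(provider, token, required_scopes):
    """Policy check on the protected API: token must be valid and hold every required scope."""
    result = provider.validate(token)
    return result["valid"] and set(required_scopes) <= result["scopes"]
```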