1

I have multiple web services that need to be integrated into one solution. One frontend would provide access to features from all services. Each of the services has its own native authentication, and keeps its own users' data. Services don't support OAuth or SAML. What I need to achieve is that when a user gets logged in, he can actually access all services with one central account. (However, each service needs to have corresponding user data).

When a user is created, he will have an account created in some central authentication service, as well as in all other services. So when the user authenticates against the central authorization service, it would be good if somehow the right credentials would be attached to requests to a certain service.

Lets say I have

  • A - authentication service
  • B - some service
  • C - some other service

When a user is created/registered on A, accounts on B and C are automatically created (with the same password). When the user tries to access a resource on B or C, if not authenticated, he will be redirected to authentication. After the authentication is successful, the original request will have credentials attached for that service so that native authentication on the service B can be performed.

Improve this question
3
  • 1
    You should add some words to your question which solution ideas you already have, why you think they are not sufficient to solve your problem, and what question you actually have (and please use the "edit" feature for this, do not try to add this crucial information by adding some comments.) Commented Mar 10, 2019 at 14:45
  • What's the problem with SSOs? It sounds very similar to what CAS and others SSO can do. Commented Apr 3, 2019 at 20:18
  • Err ... wait. What's the question? (Voting to close.) Commented May 4, 2019 at 1:02

1 Answer 1

Reset to default
0

You need three components:

  1. Identity provider. A typical identity provider service supports authentication, authorization, user management and so on. There are plenty of them out there, commercial and Open Source. Your central authentication service (service A) might fit this role.

  2. Authentication / authorization gateway. Intercepts the request to your services B and/or C and decides what to do from there. The request uses a standard protocol such as SAML or oAuth. Nowadays this is one part (or a whole of) of an API Gateway or a similar-purpose component. Namely, you want the gateway to perform at least three tasks:

    • authentication. On failure, redirect somewhere
    • token translation. On successful authentication, translate from standard token to proprietary format required by your target service
    • authorization: authenticated user X is authorized to use service B but not service C, for example

  3. Glue. Sticky material that affixes #2 to your target services B and C. Based on your threat model, make sure that parties can only access services B and C via your gateway.

Good discussion of this topic: https://medium.com/tech-tajawal/microservice-authentication-and-authorization-solutions-e0e5e74b248a

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.