This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Integrate Oracle AM with Apigee

Posted on 01-13-2022 01:56 AM
Stuti
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

How can I integrate Oracle Access Management system with Apigee to perform the authentication-authorization? Because Apigee talks about fetching the roles from the Google IdP, so is there a way to connect to Oracle AM? 

0 1 177
Topic Labels
0 Likes
Reply
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

How can I integrate Oracle Access Management system with Apigee to perform the authentication-authorization? Because Apigee talks about fetching the roles from the Google IdP, so is there a way to connect to Oracle AM?

Let's be clear about what we're talking about here. There are multiple audiences of users that interact with Apigee systems:

  1. administrators and operators - these are people who configure API proxies and products, interact with Apigee through the administrative UI and maybe the Apigee API.
  2. Developers who want to understand what APIs are available from Apigee. These people interact with Apigee through the developer portal.
  3. End-users of Apigee-managed APIs

The answer to "can we integrate Apigee with Oracle AM?" is slightly different for each of these user groups.

For #1, admins and operators, these people must be identified through Google Identity. The Role-Based Access Control (RBAC) that limits what these people can do (create proxies, deploy proxies, modify API Products, execute Analytics reports, etc) depends on roles and permissions attached to those roles, which are managed within the Google IdP. It is possible for you to build your own synchronization between some external system (maybe Oracle AM) and Google IDP , to map between things in that external system and roles in Google IdP. But that synchronization is up to you to build and maintain. There may be some nifty tool that already does the mapping between Oracle AM and Google IdP, but I don't know of it.

As for group #2, the answer is similar. Here the permissions are governed not by Google IdP roles, but by audiences managed within the integrated developer portal. And here again, you could build a tool to synchronize between the external system and the audiences in the developer portal.

For group #3, yes, you can do it. I don't have the exact details, but the last time I looked at Oracle AM, I believe I learned that there is a network interface for that system. I Think it might be a SOAP interface? Anyway you can build your API proxy to call out directly to Oracle AM to extract roles and etc. Effectively use Oracle AM as the "policy decision point" while Apigee acts as the runtime "policy execution point."

I hope this helps clarify.

0 Likes
Reply
Top Solution Authors
View all