Open nirajCITZ opened 2 years ago
As per discussion with Aidan, Kong ACL flow is applicable to SSO where user sign in with SIteMinder and based on user group on SSO Identity Management, Kong allow the user to allow or deny the service access. In APS we uses API and Client Credentials as Authentication and uses Keycloak as Identity management, Kong ACL only would not be applicable. Even Siteminder would be rid off eventually moving to Keycloak
Kong ACL only is currently used by a client that uses Siteminder to login. Other branch services also use it. This is valuable to include in the automation tests.