Test 'Kong ACL only' authorization flow

bcgov / api-services-portal

API Services Portal provides a multi-tenant frontend integrating API Gateway and Authorization services from Kong CE and Keycloak.

https://api.gov.bc.ca

Apache License 2.0

22 stars 7 forks source link

Test 'Kong ACL only' authorization flow #296

Open nirajCITZ opened 2 years ago

nirajCITZ commented 2 years ago

Kong ACL only is currently used by a client that uses Siteminder to login. Other branch services also use it. This is valuable to include in the automation tests.

nirajCITZ commented 1 year ago

As per discussion with Aidan, Kong ACL flow is applicable to SSO where user sign in with SIteMinder and based on user group on SSO Identity Management, Kong allow the user to allow or deny the service access. In APS we uses API and Client Credentials as Authentication and uses Keycloak as Identity management, Kong ACL only would not be applicable. Even Siteminder would be rid off eventually moving to Keycloak