Archives Mamoon Yunus

How to create a REST policy in Forum Sentry

By | Date posted: April 5, 2014

In this tutorial, you will learn how to create a REST policy in Forum Sentry. As an API gateway, Forum Sentry enables you to lockdown APIs that generate XML and JSON traffic in your network. Three simple steps are required for setting up a REST policy: i) Registering the RESTful service endpoint ii) Setting up a listener iii) Configuring a REST policy that ties the listener and the endpoint. Let’s go through these steps.
Read more

NFS to Amazon S3 using Forum Sentry Cloud Controller

By | Date posted: March 3, 2014

Forum Sentry Cloud Controller offers a robust NFS listener than enables NFS clients to move files to Amazon S3 and other cloud providers. Whether you need to rotate your log files, backup your customer database, or just scale out to infinite storage in the cloud, Forum Sentry Cloud Controller provides you with the highest access control and encryption functionality to bridge data movement from your application servers to the public cloud.

In this tutorial, you’ll learn how to setup an NFS listener and connect it to Amazon S3.  You will then learn how to mount and create folders and files from a Linux terminal with the content created in Amazon S3.

Read more

API Identity Management with LDAP Server

By | Date posted: February 24, 2014

Most corporations deploy LDAP severs such as OpenLDAP to store identities used for SSO and API identity management.   Application users authenticate against these LDAP servers to gain access to APIs.  To avoid an intrusive, non-scalable agent-based model — where every application installs and manages an agent for authentication and authorization — enterprises generally opt to simplify to a centralized model by deploying API gateways.  In this tutorial, you will learn how to use an LDAP server along with Forum Sentry API Gateway to enable access control of your APIs.

Read more

Online LDAP Test Server

By | Date posted: February 22, 2014

Here are the credentials for an Online LDAP Test Server that you can use for testing your applications that require LDAP-based authentication.  Our goal is to eliminate the need for you to download, install and configure an LDAP sever for testing. If all you need is to test connectivity and authentication against a few identities, you have come to the right place.  If you find this useful or would like us to enhance/modify this test LDAP server, please leave a comment.
Read more

Infinite cloud storage scale-out with enterprise IdMs

By | Date posted: February 17, 2014

Public cloud storage providers such as Amazon S3, Google Cloud Storage, and Rackspace Cloud Files provide practically infinite storage capacity for enterprise data centers. A secure scale-out of corporate data storage by using public cloud providers requires traversing the public-private cloud boundary.  Identity management is a crucial aspect of enabling this boundary traversal for companies that want to retain control of their identities regardless of the public cloud storage provider they choose.
Read more

Using HTTP Basic Auth for API Identity Management

By | Date posted:

APIs are proliferating corporate networks.  Business owners seek APIs that solve their requirements regardless of whether the APIs are homegrown or provided by 3rd party cloud providers.  In both cases — internal and external APIs — controls have to be enforced on who gets to use what API.  API control requires enabling Identity Management for APIs. In this tutorial, we will use Forum Sentry to lockdown an external API with on-board users, groups and ACLs with simple point-and-click, code-free configuration.

Read more

Users, Groups and ACLs for API Identity Management

By | Date posted: February 10, 2014

Identity management is the cornerstone for building a secure infrastructure that uses internal and 3rd party APIs.  By defining users, groups, and access control lists (ACLs), companies can granularly control who gets to use what API-based resource.  In this tutorial, we will configure users, groups and ACLs on Forum Sentry API Gateway for authenticating users and authorizing API access.   Once configured, any token type such as OAuth, SAML, or cookies can be used to present user credentials to Forum Sentry for validation against on-board users.

Read more

Protecting your API Listener through SSL

By | Date posted: February 5, 2014

In this tutorial, you will learn how to rapidly protect your corporate APIs by providing a centralized SSL policy for your service.  We will use three components for this tutorial:  (i) TempConvert – a publicly available service that will be the corporate service that you plan to protect through SSL (ii) Forum Sentry to enable centralized API security via an SSL policy (iii) SOAPSonar used as a testing tool.  Download and install Forum Sentry and SOAPSonar to follow this tutorial.

Read more

Signer Groups and CRLs for API Security

By | Date posted: February 3, 2014

Signer Group for API SecuritySigner Groups and CRLs are the cornerstone of PKI management necessary for API Security. In asymmetric cryptography used for SSL, when an X.509 certificate is presented to a client or a server, a process of certificate chain validation establishes trust in the X.509 certificate and the public key that it represents.  Certificate chain validation requires intermediate and root certificates that are embedded in the client (e.g., a browser) or a server (e.g., an Apache server).  Additionally, if an X.509 certificate is compromised, through Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol OCSP, certificates can be marked as revoked such that any entity presenting such certificates cannot be trusted.  Certificate validation through Signer Groups and revocation though CRLs or OCSP form the backbone of PKI management necessary for SSL, XML, SOAP and Big Data security.

In the tutorial, we will show how to enable and manage Signer Groups and CRLs rapidly for establishing APIs security using Forum Sentry API Gateway.

Read more

Advantages of API Gateway for managing SSL

By | Date posted:

Through SSL (SSLv3, TLS v1.1/1.2), API Gateways such as Forum Sentry rapidly secure your APIs that shuttle XML, JSON, HTML, SOAP and Big Data.  API Gateways typically sit in front of  your IT components such as web servers, application servers, ESBs and message queues.

Although most infrastructure components have SSL facilities that can be configured, however, enabling such facilities pose the following issues for enterprises:
Read more