Dariusz Suchojad
April 3, 2018
Topics: SSO
Single Sign-On and User Management APIs at a Glance
As an enterprise integration platform and backend, API-oriented, application server, Zato 3.0 ships with Single Sign-On and User Management APIs whose many exciting features are detailed in this blog post.
-
No need for maintaining one’s own user database
-
Everything is API-based - user creation, updates, logging in, logging out, checking access, creating sessions, validating sessions, search, there is an API call for everything
-
Strong encryption and safe data storage assist in achieving compliance with regulations such as HIPAA or EU GDPR
-
APIs exist for both REST and Python calls which means that everything is also available to user-based services communicating through additional protocols, such as AMQP, WebSockets, ZeroMQ, IBM MQ or any other that Zato supports
-
Comes with a built-in workflow for user signup, including user approval and welcome messages - just fill in the email templates
-
Personally Identifiable Information (PII) can be optionally encrypted and decrypted without any programming needed
-
Both users and their sessions can be given arbitrary key/value tags, also optionally encrypted and decrypted on the fly
-
Users can be required to log in from selected applications only
-
Users can be required to access APIs from selected IP addresses only
-
Passwords are always hashed (PBKDF2) and, by default, encrypted as well (Fernet)
-
PBKDF2 parameters can be easily fine-tuned in each environment separately
-
Configurable warnings of an approaching password expiry
-
Password strength enforcement, including length checks and blacklisting of the most commonly used ones
-
Audit log keeps track of who accesses personal information and for what purpose
-
Clearly defined roles - regular users and admins (super-users)
-
Convenient command line tools for scripted management of user accounts, including typical tasks such as resetting a user’s password or locking and unlocking an account
-
Extensive documentation covering the functionality, including dozens of REST and Python examples
The functionality is a major addition to Zato in version 3.0 and can be expected to expand with each new release, including support for additional authentication methods and interoperability with existing authentication protocols, yet in its initial form it can already handle a lot of use-cases and processes.
In particular, if you are creating applications that would not otherwise need a full server nor a database, e.g. single-page apps or mobile ones, be sure to check the new APIs out!
Previous Article
Load-balancing HTTP and WebSocket channels with Docker in AWS
With the addition of WebSocket channels in Zato 3.0, a question arises of how to combine both HTTP and WebSocket channels in Zato environments. This article shows how a Docker container running in AWS can be configured to expose a single port to handle both kind of requests, including health-status checks from Amazon’s ALB (Application Load Balancer).
March 10, 2018
Zato 3.0 release announcement
Zato 3.0 has just been released - this is a major release that brings a lot of immensely interesting API integration features.
June 2, 2018