Description
The static-creds-broker is designed for returning credentials of existing services already provisioned (e.g. an HTTP cache service configured for a given application). Such existing services might already expose UIs to manage the service.
The static-creds-broker responsibility could therefore be to bridge authentication between CF UAA-based authentication and the remote existing service authentication.
The remote service authentication could be expecting:
- HTTP basic auth (auth) + HTTPS (confidentiality)
The static-creds broker would then act as an HTTP gateway between the app team identified in CF and the legacy service UI.
Possible yml expression:
```yaml
# security properties could be removed, if it's configured in the manifest.yml through environment variable SECURITY_USER_NAME and SECURITY_USER_PASSWORD
security:
  user:
    password: <broker_password>
services:
  CACHE:
    DESCRIPTION: My existing service
    METADATA:
      LONGDESCRIPTION: A long description for my service
    CREDENTIALS:
      HOSTNAME: http://company.com
      DASHBOARD_GATEWAY:
        url: https://login:[email protected]
    PLAN:
      PLAN1:
        NAME: cache1
        CREDENTIALS:
          URI: http://mydev-api.org/cache1
          ACCESS_KEY: AZERT23456664DFDSFSDFDSF
          DASHBOARD_GATEWAY:
            url: https://login:[email protected]/cache1
          HOSTNAME: http://prod.company.com
      PLAN2:
        NAME: cache2
        CREDENTIALS:
          URI: http://mydev-api.org/cache2
          ACCESS_KEY: SFFGSFZSF
          DASHBOARD_GATEWAY:
            url: https://login:[email protected]/cache2
          HOSTNAME: http://prod.company.com
```

In terms of supporting flexible authentication and request mapping, the spring-cloud-netflix routing could be a powerful approach, with rich, expressive routing, filtering ... rules that would be embedded in the static-creds subtree as sub-elements of the DASHBOARD_GATEWAY part.
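The following is an added sketch, not code from the static-creds-broker project, of the credential handling such a gateway needs when a `DASHBOARD_GATEWAY` `url` carries `login:password` userinfo: keep the secret out of the forwarded URL, send it only as a Basic `Authorization` header over HTTPS, and do not pass the user's CF-side credentials on to the legacy UI. The function names and the host `legacy-cache.example` are hypothetical.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote

# Headers tied to the CF/UAA side of the gateway; they must not reach the legacy service.
CLIENT_ONLY_HEADERS = {"authorization", "cookie", "proxy-authorization"}


def split_gateway_url(gateway_url):
    """Split a configured gateway url into (upstream url without userinfo, Basic header value)."""
    parts = urlsplit(gateway_url)
    if parts.scheme != "https":
        # Basic auth is only base64-encoded; without TLS the password is readable in transit.
        raise ValueError("gateway url must use https")
    if parts.username is None or parts.password is None:
        raise ValueError("gateway url must carry login:password userinfo")
    # Userinfo may be percent-encoded in the configuration (e.g. '@' written as %40).
    user, password = unquote(parts.username), unquote(parts.password)
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    # Drop everything up to the last '@' so host, port and IPv6 brackets survive unchanged.
    netloc = parts.netloc.rpartition("@")[2]
    upstream = urlunsplit((parts.scheme, netloc, parts.path, parts.query, ""))
    return upstream, "Basic " + token


def build_upstream_request(gateway_url, client_headers):
    """Return (upstream url, headers) for forwarding an already UAA-authenticated request."""
    upstream, basic = split_gateway_url(gateway_url)
    headers = {
        name: value
        for name, value in client_headers.items()
        if name.lower() not in CLIENT_ONLY_HEADERS
    }
    headers["Authorization"] = basic
    return upstream, headers


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    url, hdrs = build_upstream_request(
        "https://login:password@legacy-cache.example/cache1",
        {"Authorization": "Bearer uaa-token", "Accept": "text/html"},
    )
    print(url, sorted(hdrs))
```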