
Integrator Lab 6 - Testing the web application

In this lab you will test the security enhancements for the International Inc. Locations web application.

Audience: API Consumers, Developers, Architects

Overview

This lab demonstrates the International Inc. Locations page using our newly authenticated locations API.

Why Red Hat?

Applications can be built from many technologies. In this case we use a simple web application, but a wide range of Red Hat and non-Red Hat technologies could be used.

Credentials:

Your username is: {user-username}
Your password is: openshift

OpenShift Console
Red Hat SSO Console

Update OpenShift Deployment

OpenShift can automatically redeploy your changes when you set up a Continuous Integration / Continuous Deployment (CI/CD) pipeline that triggers builds through a webhook. For this lab we will trigger the new build and deployment manually through the OpenShift Console.

  1. Launch a new tab on your web browser.

  2. Navigate to the Solution Explorer on that tab.

  3. Click on the Red Hat OpenShift link.

  4. Open your OpenShift Console. Navigate to your project’s overview page. It will be called {user-username}.

  5. Scroll down and click on the www link in the Builds section.

  6. In the build configuration page, find the CLIENT_ID value. It should be CHANGE_ME.

  7. Find the value of the client ID from the Developer Portal in the previous lab and enter this value for CLIENT_ID in the build.

  8. Click the Save button to persist the changes. A green pop up will show you that the changes were saved.

  9. Click the Start Build button to trigger a new build using the new environment variables pointing to your service.

  10. A new build will be triggered. Expand the logs and monitor until the build is marked complete.


    The build process checks out the code from the git repo, runs a source-to-image container image build, and redeploys the container with the new image using a rolling upgrade strategy.

  11. Wait until the new build completes and the rolling upgrade finishes, then test your new deployment.


Now the application is configured and ready to be tested.

Was the build successful?

Try to redo this section, if any problem persists have your instructor check the build.

Update SSO On Application Callback

Redirect URLs are a critical part of the OAuth flow. After a user successfully authorizes an application, the authorization server will redirect the user back to the application with either an authorization code or access token in the URL. Because the redirect URL will contain sensitive information, it is critical that the service doesn’t redirect the user to arbitrary locations.

  1. Open a browser window and navigate to SSO Admin.

  2. Log into Red Hat Single Sign On using your credentials. Click on Sign In.

  3. Select Clients from the left menu.


    3scale, through its zync component, has already synchronized the application information into the Red Hat SSO security realm.

  4. Click on the CLIENT_ID link to view the details.

    Remember to select the CLIENT_ID you obtained in the Integrator Lab 4 API Security Lab. It is easily identifiable by its hexadecimal name.

    If you do not find the CLIENT_ID, make sure you correctly executed the sync between 3scale and RHSSO in Lab 4, Task 3.11. You should also check Step 1.4 in this lab to ensure that the SSO_URL correctly begins with `https://`.

  5. Scroll down, type in and select the following options in the application configuration:

    Field                  Value
    Access Type            Public
    Standard Flow Enabled  ON
    Implicit Flow Enabled  OFF
    Valid Redirect URIs    http://www-{user-username}.{openshift-app-host}/*
    Web Origins            *

  6. Finally, click the Save button to persist the changes.

Were you able to make and save the changes?

Try to redo this section, if any problem persists have your instructor check the Kubernetes pod that contains the RH SSO application.

Opening International Inc Web Page

International Inc.'s web development team created a Node.js application for the company home page. They added a map service to locate the offices around the world. In this step you will open the deployed application.

  1. Open a browser tab and navigate to http://www-{user-username}.{openshift-app-host}.

  2. You should now see what the development team created for International Inc. Click LOCATIONS to check the locations page.

  3. Notice the Sign In button now shown on the page.


Does the Sign In button appear?

Try to redo this section, if any problem persists have your instructor check the Kubernetes pod that contains the web application.

Test the Single Sign On Integration

  1. Let’s test the integration. Click the Sign In button.

  2. You are redirected to the Red Hat Single Sign On login page. Log in using the user credentials you created in the API Security Lab:

    • Username: apiuser

    • Password: apipassword

  3. You will be redirected back to the LOCATIONS page, where you can now see the map with the International Inc. offices.


Are you able to observe the new locations?

Try to redo this section, if any problem persists have your instructor check the Kubernetes pod that contains the web application.

Congratulations! You have successfully tested the International Inc. Locations webpage using a full SSO authenticated API.

Summary

In total you should now have been able to follow all the steps from designing an API, deploying its code, issuing keys, connecting OpenID Connect and calling it from an application. This gives you a brief overview of the creation and deployment of an API. There are many variations and extensions of these general principles to explore!

Steps Beyond

So, you want more? If you have time, you can try our bonus lab. This lab demonstrates Fuse Online, showcasing Apicurito to define your API contract, autogenerate an integration, deploy it, then secure your newly created API using 3scale Smart Discovery.

If you’d like to try this out, you can now proceed to Lab 7.