Hi,
We do have a requirement to implement Service level authorization in Oracle API Gateway 11.1.2.4.0 for the inbound requests.
OAG in our network cannot directly approach OUD for the authorization.
We need to implement within OAG itself.
At the current time, i only have below ideas to implement - but somehow i feel they are not complete.
1. To create a .properties file in OAG - to hold user and service - so on each incoming request - a Java app is implemented to read this file - authorize if the user can access this service.
2. Creating Users and groups and read in the policy if user belongs to that group for authorization.
Have anyone encountered this before?
Appreciate your help.
Thanks.