Apache Apisix¶
Presentation¶
Apache Apisix is a modern, high-performance, and cloud-native API gateway that enables you to manage and secure your API traffic effectively. It acts as an intermediary between clients and backend services, providing features such as load balancing, authentication, rate limiting, traffic control, and more
Configuration¶
LemonLDAP::NG¶
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.
Then, add a Relaying Party with the following configuration:
Client ID : choose a client ID, such as
james_client_idClient Secret : choose a client secret, such as
james_client_secretLogout URL: endpoint to Apisix revoked token plugin, such as
http://apisix.example.com:8081/add-revoked-tokenLogin redirect URI: such as
http://apisix.example.com:8081/login-callback.html
Define exported attributes:
email: the user identifier
Apisix¶
The Apisix route configuration for OIDC is as follows: (based on openid-connect plugins)
services:
-
id: jmap_service_oidc
upstream_id: jmap_upstream
plugins:
openid-connect:
_meta:
filter:
- - request_method
- "~="
- OPTIONS
client_id: "james_client_id"
client_secret: "james_client_secret"
discovery: "http://lemonldap.domain/auth/realms/oidc/.well-known/openid-configuration"
scope: "openid profile email"
bearer_only: true
use_jwks: true
Note
The example with Apisix and Apache James can be found here: https://github.com/apache/james-project/blob/master/examples/oidc/README.md