Security Dashboard
The Security Dashboard is where system administrators limit access to APIs based on group membership. It uses the RESTful interface provided by Rakshak to obtain group memberships and other relevant information about users.
The Security Dashboard is split into three tabs:
- Authorization Policies - Limit Access to API based on Groups
- Group Management - Create/Edit Groups and Add/Remove Members
- API-Key Management - Issue/Revoke API-Keys
The Authorize button adds a group to the authorized list for an API; the Revoke button removes a group's access.
The Group Management tab shows a list of existing groups. Clicking the View/Edit Members button lets you add or remove users from that group. If a group must be deleted, use the Delete Group button. The Add New Group button creates a new group.
Anybody who wants to access the Bindaas API must have an API-Key, which the system administrator issues or revokes from this tab. In the search bar, start typing the username of the user as it appears in LDAP (the directory against which the Security Dashboard is configured; more details). The Generate API-Key and Revoke API-Key buttons issue and revoke the API-Key of a particular user. The default life-time of an API-Key is one year.
The typical workflow for a system administrator to authorize a new user to use an API is as follows:
- Enable Authentication and Authorization in Bindaas. This can be done from the administration link - http://localhost:8080/dashboard/administration.
- Assign API-Keys - Make sure that the user has an API-Key. If not, issue an API-Key to the user.
- Create Groups - Either create a new group or add the user to an existing group.
- Authorize Group access to API - Using the Authorization Policies tab, grant the group of which the new user is a member access to the API.
- Verify - Try executing an API to which the user should have access, using their API-Key.
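The following is an added example, not Bindaas or Rakshak code: it models the access decision the workflow above produces (a valid, unexpired, unrevoked API-Key, then membership in a group authorized for the API) and walks the constructed user `alice`, group `analysts` and API `reports` through each step, including what happens after the default one-year key life-time and after revocation.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

API_KEY_LIFETIME = timedelta(days=365)  # page: default life-time of an API-Key is one year

@dataclass
class ApiKey:
    username: str
    issued: datetime
    revoked: bool = False
    def is_valid(self, now: datetime) -> bool:
        return not self.revoked and now < self.issued + API_KEY_LIFETIME

@dataclass
class SecurityModel:  # illustrative model of the dashboard's three tabs, not the real implementation
    api_keys: dict = field(default_factory=dict)           # API-Key string -> ApiKey (API-Key Management)
    group_members: dict = field(default_factory=dict)      # group -> usernames (Group Management; Rakshak-backed)
    authorized_groups: dict = field(default_factory=dict)  # API name -> groups (Authorization Policies)
    def issue_api_key(self, key: str, username: str, now: datetime) -> None:
        self.api_keys[key] = ApiKey(username, now)
    def revoke_api_key(self, key: str) -> None:
        self.api_keys[key].revoked = True
    def add_member(self, group: str, username: str) -> None:
        self.group_members.setdefault(group, set()).add(username)
    def authorize(self, api: str, group: str) -> None:
        self.authorized_groups.setdefault(api, set()).add(group)
    def check(self, api: str, key: str, now: datetime) -> str:
        """Decide a request: a valid API-Key first, then membership in a group authorized for the API."""
        k = self.api_keys.get(key)
        if k is None or not k.is_valid(now):
            return "denied: missing, revoked or expired API-Key"
        user_groups = {g for g, members in self.group_members.items() if k.username in members}
        if user_groups & self.authorized_groups.get(api, set()):
            return "ok"
        return "denied: no authorized group"

def demo() -> list:
    """Walk the workflow with constructed names (alice, analysts, reports); returns each decision."""
    m, t0 = SecurityModel(), datetime(2024, 1, 1, tzinfo=timezone.utc)
    out = [m.check("reports", "k1", t0)]                  # no API-Key issued yet
    m.issue_api_key("k1", "alice", t0)                    # step: assign API-Key
    m.add_member("analysts", "alice")                     # step: create group / add member
    out.append(m.check("reports", "k1", t0))              # key present, but group not yet authorized
    m.authorize("reports", "analysts")                    # step: authorize group access to API
    out.append(m.check("reports", "k1", t0))              # step: verify
    out.append(m.check("reports", "k1", t0 + timedelta(days=366)))  # after the one-year life-time
    m.revoke_api_key("k1")                                # Revoke API-Key button
    out.append(m.check("reports", "k1", t0))
    return out
```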