Seamless developer portal authentication with 3scale and RHSSO

About four months ago, Red Hat announced that it was acquiring 3scale. (Almost two years ago, Red Hat and 3scale announced a joint solution relationship for 3scale's API Management Platform and Red Hat's Middleware portfolio.) As the acquisition settles in, 3scale is already starting to integrate with middleware products, which will strengthen developers' abilities to design and implement API initiatives and services.

This first point of integration is between the 3scale Management Platform and Red Hat Single Sign-On: more specifically, for the developer portal authentication.

3scale offers an out-of-the-box developer portal to make it easier for API providers to get partners, customers, team members, and others to sign up for their APIs. Until now, it offered SSO with GitHub, but integrating with Red Hat Single Sign-On opens up a lot of possibilities both for external API programs (more social logins) and internal ones (user federation).

Seamless developer portal sign-in

API providers can choose to use Red Hat Single Sign-On as an identity broker, allowing single sign-on with a variety of social logins including GitHub, LinkedIn, Twitter, Google, Microsoft, and StackOverflow. Or they can choose to federate internal user stores, including LDAP, Kerberos, and Active Directory, and allow corporate users to immediately access the API developer portal.

Either way, this provides a seamless signup experience in which creating a new account on Red Hat Single Sign-On and 3scale can be completely transparent for the end user -- all they have to do is use an existing user account.

Even after the initial sign-up, the developer portal for API management can use the same authentication cache as other services and resources on the network. This is the ease of single sign-on; with a centralized provider (like GitHub or a corporate Active Directory server), the user only has to log in a single time to access any available, configured resource.

The additional benefit of using Red Hat Single Sign-On to manage client authentication is that it already integrates with the entire JBoss Middleware product suite, so any other JBoss middleware product within the environment can use the same user store for authentication and authorization. For developers, they can then use the same credentials cache for their API portal and for the other tools they use for app development (like business rules or the application platform).

It's a cleaner developer experience.

Pre-Requisites

3scale by Red Hat is a SaaS product, if you’re not yet a customer, you can create an account at https://www.3scale.net.

You will also need an installed RH-SSO server (subscriptions are available through JBoss Core Services, which comes with almost every Red Hat JBoss product). Alternatively, you could also use Keycloak, which is the community version of RH-SSO. This is simple to use for evaluation and development, but production deployments should use a supported enterprise product.