Configure Published API Projects in API Gateway

Configure the published API by updating the context variables in Layer7 API Gateway to reflect your environment and by specifying the role mappings.
Verify the Prerequisites
Ensure that you have completed the following prerequisites:
Review and Confirm the Context Variables to Reflect your Environment
Follow these steps:
  1. In the Policy Manager, expand the LiveAPICreator/LAC Projects folder and open the published API project by double-clicking the project name.
  2. Display comments within the project by clicking Show Comments.
  3. Expand the All assertions must evaluate to true // LAC-00-Project Configuration policy.
  4. Review and confirm that the following context variables are set as indicated:
    • project.forwaded.httpScheme
      Expression value: https
    • project.forwarded.port
      Expression value: 8443
    • project.forwarded.hostname
      Expression value: ${gateway.cluster.hostname}
    • project.name
      Expression value: The URL fragment for your published API project.
      Example: demo
    • project.version
      Expression value: Your current API version.
      Example: v1
    • project.endpoint.hostname
      Expression value: Your API Server name.
      Example: lacserver1.
    • project.endpoint.port
      Expression value: 8081
    • project.endpoint.httpScheme
      Expression value: https
    • project.rootPath
      Expression value: rest/default
Set up API Access Permissions
Set up API access permissions by mapping the groups retrieved from an identity provider that is configured in API Gateway to API Creator roles. The reference LiveApiCreator service includes policy fragments that illustrate how to map API Gateway groups to API Creator roles. Customize the reference policy to reflect your system landscape by configuring and enabling the mapping of API Gateway identity provider groups to API Creator roles.
Complete one of the following:
Configure a Simple Internal Identity Provider
In the Policy Manager, from the LiveApiCreator/LAC Projects directory, open your published API project.
Under the Project Configuration policy fragment, open and modify the following context variables:
  • project.roleMappingType
    Set the expression to 'simple'.
  • project.simpleRoleMapper.users
    Adjust the value to reflect your user and group configuration.
    As a reference point, the value for this context variable illustrates how the internal admin user is mapped to the internal, hard-coded API Gateway-defined Developer and Documentation groups.
  • project.simpleRoleMapping.defaultRole
    Adjust the expression value to reflect the default role.
    If you do not adjust the expression value for this context variable, then API Gateway uses the expression value of the project.simpleRoleMapping.defaultRole context variable as the API Creator-defined API Documentation role.
  • project.simpleRoleMapper.userRoles
    Adjust the expression value to reflect the mapping of API Gateway groups to your published API's roles in API Creator.
    The default value for this context variable illustrates how the groups in API Gateway are mapped to the roles defined in API Creator.
In the following example, the Demo API is published to API Gateway. The Developer group in API Gateway is mapped to the API Owner role in API Creator. The Support group in API Gateway is mapped to two roles in API Creator, API User and API Owner. Similarly, the Documentation group is mapped to the API Creator-defined API Documentation role.
[Image: the Context Variable Properties window in Policy Manager]
Configure the LDAP Identity Provider
  1. In Policy Manager, open the Project Configuration policy fragment, and then set the value of the project.roleMappingType context variable to ldap.
  2. Complete one of the following:
    • If your API project includes roles that do not match the LDAP groups, adjust the value of the project.simpleRoleMapper.userRoles context variable to match the LDAP groups to the Layer7 Live API Creator role.
      The value of the project.simpleRoleMapper.users context variable dynamically populates based on a user's LDAP group membership by way of the (cn=${authenticatedUser.login}) LDAP search filter. This search filter sets the ldapGroups context variable using the LDAP 'memberOf' attribute.
    • If your API project includes roles that match the LDAP groups, your users' LDAP groups are passed through to API Server. No additional configuration is needed.
    • If you are using an identity provider different from LDAP, such as Microsoft Active Directory (MSAD), adjust the value of the ldapGroups context variable from 'memberOf' to an attribute that returns the user's group membership.
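The following is an added example, not part of the original page or of the Layer7 reference policy. It models the Demo API group-to-role mapping described under the simple internal identity provider, together with the 'memberOf' lookup described here, so that you can review which logins receive API Owner and which fall back to the default role. Assumptions: 'memberOf' values are group DNs whose CN is the group name, the default role applies only when no group maps, and Python dictionaries stand in for the context variable values, whose real format this page does not show.

```python
import re

# Group-to-role mapping from the Demo API example in the text.
GROUP_ROLES = {
    "Developer": {"API Owner"},
    "Support": {"API User", "API Owner"},
    "Documentation": {"API Documentation"},
}
DEFAULT_ROLE = "API Documentation"  # default named in the text
PRIVILEGED = {"API Owner"}          # assumption: roles flagged for review
_CN = re.compile(r"^\s*cn=((?:\\.|[^,\\])+)", re.IGNORECASE)

def group_name(value):
    """CN of an LDAP memberOf DN, or the value itself if it is a plain name."""
    m = _CN.match(value)
    if not m:
        return value.strip()
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip()  # undo DN escaping

def resolve(groups):
    """Return (roles, unmapped groups, whether the default role was applied)."""
    names = [group_name(g) for g in groups]
    roles = set().union(*(GROUP_ROLES.get(n, set()) for n in names))
    unmapped = sorted(n for n in names if n not in GROUP_ROLES)
    return (roles or {DEFAULT_ROLE}), unmapped, not roles

def audit(users):
    """Effective roles per login, with the findings a reviewer checks."""
    report = {}
    for login, groups in users.items():
        roles, unmapped, defaulted = resolve(groups)
        report[login] = {
            "roles": sorted(roles),
            "privileged": sorted(roles & PRIVILEGED),
            "defaulted": defaulted,
            "unmapped_groups": unmapped,
        }
    return report

# Constructed sample input; only the admin row follows the text.
SAMPLE_USERS = {
    "admin": ["Developer", "Documentation"],
    "jdoe": ["CN=Support,OU=Groups,DC=example,DC=com"],
    "guest": ["CN=Contractors\\, External,OU=Groups,DC=example,DC=com"],
}

if __name__ == "__main__":
    for login, row in audit(SAMPLE_USERS).items():
        print(login, row)
```

Rows with a non-empty "privileged" list or with "defaulted" set to True are the ones to check against who should hold those roles before you activate the API.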
Activate the Updated API Project in API Gateway
In Policy Manager, save and activate the API.
Next Steps
Now that you have configured your published API in API Gateway, you can consume your published API in API Gateway.
For more information about how to consume your published API, see Consume the Published API Project in API Gateway.