VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill


Identity Bridge - How to use an API Gateway to bridge between X.509 Certificates, SAML, JWT, and OAuth Access Tokens

When integrating systems together, identity mediation can be just as vital as protocol mediation. Consider a situation where a user is authenticating with an X.509 certificate. The X.509 certificate could be an iOS certificate stored on an iPhone, or could come from a CAC/PIV card issued to a US Government employee. When the user is accessing a system that requires a SAML Assertion, how can that X.509 certificate be converted to a SAML Assertion?

The answer is an Identity Bridge. This term, originally coined by Mark Diodati, who is now a Gartner analyst, describes a service that converts identity tokens between domains, enabling seamless access. An API Gateway such as Axway's is an ideal tool to use as an Identity Bridge because it supports a wide variety of identity tokens.


With my colleague Daniel Wille, I've put together a video which shows the Identity Bridge scenario whereby a user is authenticated via one token type (in this case an X.509 Certificate) and then the API Gateway bridges to other tokens, specifically:

  • How to convert to an OAuth JWT
  • How to convert to an OAuth Access Token
  • How to convert to a SAML Assertion (containing attribute statements)

A REST API at the API Gateway is used to do the identity bridging (e.g. requesting an OAuth Token based on the initial X.509 token).
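
The X.509-to-JWT leg of such a bridge can be sketched as follows. This is an added example, not Axway's implementation or code from the original post. It assumes the TLS layer has already validated the client certificate, and the issuer URL, the `org` claim, the HS256 shared key and the sample inputs are hypothetical or constructed.

```python
import base64, hashlib, hmac, json, re, time

ISSUER = "https://gateway.example"  # hypothetical bridge issuer

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def parse_subject(dn: str) -> dict:
    """Split an RFC 4514-style subject DN on unescaped commas into {attr: value}."""
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.strip().partition("=")
        attrs[key.upper()] = value.replace("\\,", ",")
    return attrs

def bridge_to_jwt(subject_dn, cert_der, key, audience, now=None, ttl=300):
    """Mint a short-lived HS256 JWT for a client whose certificate was already validated."""
    attrs = parse_subject(subject_dn)
    if not attrs.get("CN"):
        raise ValueError("certificate subject has no CN to map to 'sub'")
    now = int(time.time()) if now is None else now
    claims = {
        "iss": ISSUER, "sub": attrs["CN"], "aud": audience,
        "iat": now, "exp": now + ttl,
        "org": attrs.get("O", ""),  # assumed attribute-to-claim mapping
        # RFC 8705 confirmation claim: binds the token to the presenting certificate
        "cnf": {"x5t#S256": b64url(hashlib.sha256(cert_der).digest())},
    }
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_jwt(token, key, audience, now=None):
    """Relying-party check: signature, audience and expiry; returns claims or raises."""
    head, body, sig = token.split(".")
    expected = b64url(hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = int(time.time()) if now is None else now
    if claims["aud"] != audience or now >= claims["exp"]:
        raise ValueError("wrong audience or expired")
    return claims

if __name__ == "__main__":
    der = b"constructed-placeholder-certificate-bytes"  # constructed, not a real certificate
    tok = bridge_to_jwt("CN=Jane Doe,OU=Eng,O=Example Corp,C=US", der, b"constructed-demo-key", "orders-api")
    print(verify_jwt(tok, b"constructed-demo-key", "orders-api"))
```

The short lifetime, the audience check and the `cnf` thumbprint keep the bridged token narrower than the certificate it was derived from.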




For more information, and to get a copy of the API Gateway to perform your own Identity Bridging, check out the Axway site.


More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.