Episode6.md

Learning Kyma - Episode 6

Content

This session we take a look into Kyma and security. There are two main learning goals:

• Understand which components of Kyma are relevant in the context of security and what are their responsibility
• Secure an API endpoint with OAuth2

In addition we will take a quick glance at the topics SAML2, OAuth2.0 and OpenID Connect.

Sessions on YouTube

You find this session on YouTube here: Link

References

Security in Kyma - Overview

• Kyma Component - Security

Dex and IdP Federation

• Dex - A Federated OpenID Connect Provider
  • Dex Connectors
  • Kyma - Add an Identity Provider to Dex
  • Kyma - Post-installation changes

Basics about SAML and OAuth

• SAML V2.0 - Specification
• What is SAML and How Does it Work?
• OAuth 2.0 - Landing Page
  • What the Heck is OAuth?
  • What the Heck is OAuth? - OAuth Tokens
  • What the Heck is OAuth? - OAuth Flows
• Welcome to OpenID Connect

References

• API Gateway
  • API Rule
• ORY - Open Source Identity Infrastructure and Services
  • ORY Oathkeeper
    • ORY Oathkeeper - Mutators
    • ORY Oathkeeper - Authenticators
  • ORY Hydra
    • ORY Hydra - Creating OAuth Clients via CLI
    • ORY Hydra - Creating OAuth Clients via YAML
• Kyma for Dymmies [2]: First Simple Microservice with Security
• Kyma for Dymmies [3]: calling secured service with REST client
• GitHub repository with source code for Kyma for Dymmies blog posts 2 + 3
• Example with JWT and Allowed Authenticators using CAP by Gregor Wolf: Authenticate to a CAP service using Azure AD B2C - Deploy to Kyma