WSO2AppManager:ManagingApplica2onLifecyclesAcrossYourEnterprise

SumedhaRubasingheDirector-APIArchitectureWSO2

IamSirifromWSO2Salesteam.

IamSirifromWSO2Salesteam.

Username,enterpriseidenAty

OrganisaAon

Role,Group,Permissions

IlogintohDps://apps.wso2.com.

IlogintohDps://apps.wso2.com.

WebappunderorganizaAondomain

Thisisthehomepage

IgetredirectedtologinpageprovidedbyorganisaAon’sIdP

siri@wso2.com

………….

IseeallAppsIcanaccessbasedonmyroles,groups,permissions.

‘MySubscripAons’willshowAppsIhavesubscribedto.

‘Favorites’willshowallMyFavoritesApps.

Mark your favorite apps

TagbasedclassificaAonforApps.

IclickontheapplicaAonIwanttoaccess.Thispagealsolistsoutdetailsaboutapp,documentaAon,userfeedback.

Myrequesttoaccess‘PatchManagementApp’goesintoIdP->getmyloginsessionverified->getsredirectedbacktoApp

NowIamin‘PatchManagementApp’.NoLoginrequired.

AppStorehassentaSAMLResponsetoPatchManagementAppwithdetailsaboutme.

whatjusthappenedbehindthescenes?

Whatjusthappenedbehindthescenes?AccessedEnterpriseAppStore

LoggedintocentralIdP

SingleSignedOntoEnterpriseApps

Iamhappy..because...

Happinessintheair..IseeallappsIwantto/needto/requiredtoaccessinasingle

dashboard

Iuseasinglesetofcreden2alstoaccessallofthoseApps

Icanseeuserguides/helponhowtousethoseApps

Icanrequestforfeatures/rate/feedbacktoAppDevs

IsthisacommonpaDerninyourenterprise?

Siriisnotalone.AppDiscoveryhasapaDern.

DiscoverApps

Favourite/Subscribe

AccessAppsReadDocs

ReportIssues/Features

AppDiscoveryLifecycle

IamNayanafromWSO2CIOteam.

I...DevelopAppsforinternaluse

Wantaneffec2vechanneltodistributethoseAppstoeveryemployee

WantmyAppstobeabletoAuthen2cateandAuthoriseagainstcooperateIdP

WanttousecentrallydefineduserprofileaJributes

Wanttoviewusagesta2s2csofAppsIwrite

I...Wanttowritecentralisedauthoriza2onpoliciesformyAppsandget

themexecuted.

WanttoreceivefeedbackfromAppUsers.

WantmyuserstoeasilyreportAppissues.

Wanttowritecustomanaly2csonhowAppsarebeingused

Wanttoestablishseamlessintegra2onbetweenAPIsandAppsthatusethem.

IuseAppPublishertopublishAppsIdeveloptotheenterprise.

(Web)AppPublishercreatesaproxya(web)appinfrontofyourrealapplicaAon

Allowsdefiningperresourcebasedaccess/throDlingpolicies

Policiescanbecentrallydefinedandmanaged

PoliciescanbereusedbetweenapplicaAons

PoliciescanbegroupedandappliedagainstresourceaccesspaDerns

PerresourcepaDerncustomisaAonisalsopossible

DetailpagesummarisingeverythingabouttheApp.

CentralpageforconfiguringstaAsAcs,documentaAon,SSO,OAuthKeys

AppVersioningSupport

AllowsprovidingperAppDocumentaAon(inline,upload,URLs)

PermissionbasedApplifecyclemanagementcapabiliAes

CentralviewofallAppsmanaged

PublishingmobileAppsisalsosupported

Nayanaisnotalonetoo.AppPublishinghasapaDerntoo.

Review

Approve

PublishUnpublish

Deprecate

AppPublishingLifecycle

ReAre

Reject

TopublishApps,appsneedtobedeveloped!!

Whenmyappsareinuse,IviewstaAsAcsonthem.

AppPublisher,AppAuthor

MetadatalevelanalyAcsareavailableOOB.

Usagebyresourcepage

MulAdimensionalviewofApp,subscripAonandusage

OverallresponsesummaryofAppsmanaged

SubscripAonSummaryvsAppVersion

PerUserSubscripAonStaAsAcs

Breakdownbybackendendpoint

“WeuseWSO2AppManager.OnestopshopforApplica8ondistribu8on,lifecyclemanagement

andaccesscontrol”-Siri,Nayana

WSO2AppManager-FuncAonalOverview

Inanutshell..AProxyWebAppforarealwebapp

AnApplica2onGateway

Setofinterceptors(handlers)betweenproxyandrealwebapps

Interceptors

SingleSignOn

Sta2s2csCollec2on

Policyevalua2on

Pluggable

Supportfordifferentapptypes(future)

WebApps,MobileApps,CommandApps,WebLinks,Gadgets

SendingaJWT(signed)orSAMLTokentobackend

PassingauthenAcatedcallstobackendapp

ProxyApp WebApp

<saml2p:Response Destination="https://app-gateway.wso2.com/pmt/1.0.0/" ID="lekgojddaaponseTo=ntity"

{"exp":1394072102566,"hJp://wso2.org/claims/emailaddress":"dims@ws}

SAMLToken

JWTToken

ContentsofJsonWebToken(JWT){"iss":"wso2.org/products/appm","exp":1394072102566,"Subject":"dims","hJp://wso2.org/claims/emailaddress":"dims@wso2.com","http://wso2.org/claims/mobile":"0725255071","hJp://wso2.org/claims/role":"admin,subscriber,Internal/everyone"

} UserRoles

UserName

Validity Claimvaluesfromuser’sprofile

ContentsofSAMLToken<saml2p:Responsexmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"Des2na2on="hJps://app-gateway.wso2.com/pmt/1.0.0/"ID="lekgojddaacphflejnbdpjlmjipldloecjbncecl"InResponseTo="0"IssueInstant="2015-11-04T09:40:31.431Z"Version="2.0">

<saml2:Issuerxmlns:saml2="urn:oasis:names:tc:SAML:2.0:asser2on"Format="urn:oasis:names:tc:SAML:2.0:nameid-format:en2ty">localhost</saml2:Issuer>

<saml2p:Status>

<saml2p:StatusCodeValue="urn:oasis:names:tc:SAML:2.0:status:Success"/>

</saml2p:Status>

<saml2:Asser2onxmlns:saml2="urn:oasis:names:tc:SAML:2.0:asser2on"ID="fgkedgffibfeddejffomjnfndgmohodjmjcakhog"IssueInstant="2015-11-04T09:40:31.431Z"Version="2.0">

<saml2:IssuerFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:en2ty">localhost</saml2:Issuer>

<saml2:Subject>

<saml2:NameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">sumedha@wso2.com</

saml2:NameID><saml2:SubjectConfirma2onMethod="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml2:SubjectConfirma2onDataInResponseTo="0"NotOnOrAner="2015-11-04T09:45:31.431Z"Recipient="hJps://app-gateway.wso2.com/pmt/1.0.0/"/>

</saml2:SubjectConfirma2on>

<saml2:AuthnStatementAuthnInstant="2015-11-04T09:40:31.431Z"SessionIndex="1b3aa683-5876-4a93-9721-09d52331f88c">

<saml2:AuthnContext>

<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>

….

<saml2:ADributeValuexmlns:xs="hDp://www.w3.org/2001/XMLSchema"xmlns:xsi="hDp://www.w3.org/2001/XMLSchema-

instance"xsi:type="xs:string">wso2.eng,wso2,wso2.support,support.users,wso2.all.employees,wso2.engineering-2,Internal/

subscriber,Internal/private_sumedha-AT-wso2.com,Internal/everyone</saml2:ADributeValue>

UserRoles

UserName

PublishingStatstoGoogleAnalyAcsfunction invokeStatistics(){ var tracking_code = "UA-XXXXXX-X";

var request = $.ajax({ url: "http://localhost:8281/statistics/", type: "GET", headers: { "trackingCode":tracking_code, } }); }

IncludethisfuncAontoyourpage

ManagingWorkflows-AppPublishing

Publisher

AppPublishRequest

Publica2onApproval

AppPublished

User Admin

ManagingWorkflows-AppConsumpAon

AppStore

UserRegistered

AdminEndUser

Registra2onApproval

Self-Registra2on

UserSubscribed

AdminEndUser

Subscrip2onApproval

AppSubscrip2onRequest

FutureworkImplementa2onontopofAppG/W

CEPbasedthroJling

FlexibleSubscrip2onModel

DecoupledAppStore->mobilecatalogs

IoTApp/Firmwaredelivery

Pub/SubbasedAppdistribu2onmodel