08-21-2018 01:11 PM
I'm looking to front the Infoblox Rest API with my own that handles business logic and workflow. Users calling my api will need to authenticate, but can't obviously pass along their passwords to my api for me to pass over to Infoblox in a normal AD-lookup session. This is where certificate-based auth comes into place. If they call my api using a certificate as their ticket into the concert so-to-speak, and I pass along this certificate to Infoblox to authenticate this user, Infoblox can handle the permissions and allow/deny actions based on their roles. I'm also hoping that on the Infoblox side, the user's assigned groups in AD can be determined based on certificate information. The plan, if this option exists, is to allow the users only API access via my api and not allow gui access, so I won't need to handle two login methods based on method of entry.
Still, the primary questions are:
1. Is it possible to use the Rest API where the request is sent along with a certificate (no user/pw) and the WAPI does the rest?
2. Any example, even if it isn't Pythonic or even programmatic? (i.e. could be curl example)
This may not be a very clear question. Feel free to berate me and clarify as needed. Thanks.
08-28-2018 06:20 AM
We use an nginx reverse proxy to handle Kerberos authentication, and based on the results, forward service account credentials to the WAPI.
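An added sketch of the pattern in the reply above, seen from the front API that sits behind the proxy; it is not the poster's configuration or Infoblox code. The identity header name, the proxy address and the group policy are assumptions, and it relies on the WAPI accepting HTTP Basic credentials for the service account.

```python
import base64

# Assumptions (not from the thread): header name, proxy address, group policy.
IDENTITY_HEADER = "x-authenticated-user"   # set by the proxy after Kerberos succeeds
TRUSTED_PROXY = "127.0.0.1"                # only this peer may assert an identity
GROUP_METHODS = {                          # constructed policy: AD group -> WAPI methods
    "dns-readers": {"GET"},
    "dns-admins": {"GET", "POST", "PUT", "DELETE"},
}
STRIP = {IDENTITY_HEADER, "authorization", "cookie"}


class Denied(Exception):
    """Raised when the request must not be forwarded to the WAPI."""


def build_upstream_request(peer_ip, method, path, headers, user_groups,
                           svc_user, svc_password):
    """Authorize the proxied user, then return (method, path, headers, audit)
    for the WAPI call made with the service account."""
    headers = {k.lower(): v for k, v in headers.items()}
    # The identity header is only meaningful if the proxy wrote it.
    if peer_ip != TRUSTED_PROXY:
        raise Denied("identity header accepted only from the proxy")
    user = headers.get(IDENTITY_HEADER, "").strip()
    if not user:
        raise Denied("no authenticated user")
    # The WAPI sees only the service account, so per-user permissions
    # have to be enforced here, before the request leaves.
    allowed = set()
    for group in user_groups.get(user, ()):
        allowed |= GROUP_METHODS.get(group, set())
    if method.upper() not in allowed:
        raise Denied(f"{user} may not {method.upper()} {path}")
    # Never pass caller-supplied credentials or identity upstream.
    upstream = {k: v for k, v in headers.items() if k not in STRIP}
    token = base64.b64encode(f"{svc_user}:{svc_password}".encode()).decode()
    upstream["authorization"] = f"Basic {token}"
    audit = {"user": user, "method": method.upper(), "path": path}
    return method.upper(), path, upstream, audit
```

Because Infoblox then sees every call as the service account, the returned audit record is the only place the real caller is recorded, so it should be logged with each forwarded request.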