1

Here is the scenario: I have an instance of Oracle Identity Manager (OIM). The instance stores all of my user profiles. Now, I'm writing a few REST APIs, which should be authenticated using the users present in OIM.

I'm also thinking of using AWS Cognito to provide the authentication flow. So, my questions are:

Q. How can we connect Cognito & OIM?
Q. If there is no need for Cognito in this scenario, then how can we make use of OIM?

I've recently started looking into both tools. So, please spare me for some obvious questions.

Aashish P
  • What is the responsibility of your REST web service? I hope you are aware of OIM SCIM Web service and not repeating the same functionality again. – Chaitanya K Nov 16 '16 at 06:45
  • My REST APIs have nothing to do with the OIM suite. They are purely written with some business logic and fetch data from a database (not linked to OIM). I just want to use the OIM instance somehow for authentication of my APIs. When a mobile application tries to hit my APIs, there should be some sort of auth mechanism (OAuth2 / OpenID Connect). – Aashish P Nov 16 '16 at 06:48
  • If you want them authorized to use AWS services, then you should create a developer identity provider from your OIM (I don't think there is one built yet that you could just plug in). But if you don't need to access AWS services then I don't really see the point. If it already supports OIDC you may be able to use it as an identity provider (defined as an identity provider in IAM and used as an authentication provider in Cognito). But I still think you will need a developer identity provider defined on the client. – Bruce0 Nov 17 '16 at 04:57
  • Check the question below; you might need to do something like this: http://stackoverflow.com/questions/38245525/how-to-authenticate-user-via-oim-api – Chaitanya K Nov 30 '16 at 12:02

1 Answer

2

I'm from the Cognito team, and Bruce0's suggestion is spot on. If you need to access AWS resources, you would set up a developer authenticated identity provider which could leverage this (or any other identity manager/provider).

Jeff Bailey
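
The developer authenticated identity flow suggested in the answer, sketched as an added example (not code from the answer or from AWS): a backend verifies the user against OIM first and only then calls Cognito's `GetOpenIdTokenForDeveloperIdentity`. The pool ID, the provider name and the `verify_with_oim` callable are assumptions made for illustration; the OIM check itself is not shown.

```python
"""Backend broker: verify the user against OIM, then ask Cognito for a token."""
from typing import Callable, Dict, Optional

# Placeholder values for illustration only (not from the original post).
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
DEVELOPER_PROVIDER_NAME = "login.example.oim"  # as configured on the identity pool
TOKEN_TTL_SECONDS = 900  # keep the OpenID token short-lived


class AuthenticationFailed(Exception):
    """Raised when OIM rejects the credentials."""


def issue_cognito_token(
    cognito_identity,
    verify_with_oim: Callable[[str, str], Optional[str]],
    username: str,
    password: str,
) -> Dict[str, str]:
    """Return {'IdentityId', 'Token'} for a user that OIM has authenticated.

    cognito_identity: a boto3 "cognito-identity" client (or compatible object).
    verify_with_oim:  hypothetical callable that checks the credentials against
                      OIM and returns the stable OIM user key, or None.
    """
    user_key = verify_with_oim(username, password)
    if not user_key:
        # Cognito trusts the Logins map as-is because the call is signed with
        # the backend's AWS credentials, so never reach it for an unverified user.
        raise AuthenticationFailed("OIM rejected the credentials")

    resp = cognito_identity.get_open_id_token_for_developer_identity(
        IdentityPoolId=IDENTITY_POOL_ID,
        # Use the immutable OIM key, not a client-supplied or renameable login.
        Logins={DEVELOPER_PROVIDER_NAME: user_key},
        TokenDuration=TOKEN_TTL_SECONDS,
    )
    # Hand only these two fields to the mobile client, never backend AWS keys.
    return {"IdentityId": resp["IdentityId"], "Token": resp["Token"]}
```

In a real deployment the first argument would be `boto3.client("cognito-identity")` running under an IAM role allowed to call this API for the one identity pool only.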