Using federated credentials on the developer portal

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.
info

Federated log in is the process where you use credentials from one identity management system, called the system of record, to log in to another system. For example, you use your Google or Twitter credentials to log in to the Apigee developer portal. The advantage of federated login is that the system you are logging in to does not ever see the password associated with your credentials. That means your passwords do not have to be copied to different systems.

The Developer Services portal supports federated login using credentials from several common providers, including:

  • GitHub
  • Google
  • OpenID
  • Twitter

Also, if you already have an Apigee Edge account, you can use those credentials to log in to the developer portal.

Each of the supported credential providers requires a different configuration process, as described below.

Using federated credentials with the developer portal

To gain access to the portal, a developer registers a new account on the portal and specifies a username, email address, and password. The user can then log in to the portal by supplying their portal username and password as credentials.

With federated log in on the portal, you use credentials from a third party to log in to an existing portal account. That is, you require an account on the portal before you can log in with third party credentials. You can use any of the federated credentials supported by Apigee to log in to an existing portal account. Additionally, you can use Google and Apigee credentials to register a new account on the portal.

Logging in to an existing portal account

Log in to an existing portal account by using any of the supported federated credentials. For example, log in by using your Twitter credentials. The first time you log in with your Twitter credentials, the portal prompts you to associate your Twitter credentials with an existing portal account. You only perform this association once. After that, you can log in with your Twitter credentials and the portal retains the association information.

Registering a new portal account

Register a new account on the portal by using your Google or Apigee credentials. When you register as a new developer on the portal using federated credentials, the developer portal attempts to obtain information, typically email address, from the system of record. For example, you use your Google credentials to create a new developer account on the portal. You are prompted to approve information passed back to the portal from Google. Even if the system of record returns information to the portal, new registrations are typically required to enter some information, such as accepting the terms and conditions.

Register or log in using Apigee credentials

If you already have an Apigee Edge account, you can use those credentials to register an account or log in to an existing account on the developer portal. By default, the following button appears on both the registration and login pages of the developer portal:

The button only appears on portals with a URL that ends with apigee.com, meaning portals in the Apigee domain. For example, a URL in the form http://myCompany.devportal.apigee.com. If the URL does not end with that domain, you cannot use your Apigee Edge credentials to log in or register on the portal.

To register an existing Apigee Edge user as a new portal developer:

Note: The registration process assumes that you have your portal configured to allow anyone to register without administrator approval. See Add and manage user accounts for more information on controlling who can register.

  1. Ensure that you have an existing Apigee Edge account.
  2. Select the Register link on the developer portal.
  3. Select the Authenticate with Apigee button on the registration page.
    • If you are not logged in to Apigee Edge, enter your Apigee Edge credentials and select Sign in.
  4. If no other information is required to register, you will be logged in to the developer portal with your new account.
    You will receive an email to the email address associated with your Apigee account with information on completing the registration process, such as setting your password.
  5. If there is additional information required to complete the registration process, such as accepting terms and conditions, then you will be automatically redirected back to the Register page with the username and email information from your Apigee Edge account entered into the appropriate fields.
  6. Specify any other required registration information to complete the registration process.
  7. Select Create new account.
    You will receive an email to the email address associated with your Apigee account with information on completing the registration process, such as setting your password.

To log in as an existing portal developer using an Apigee account:

  1. Select the Login link on the developer portal.
  2. Select the Authenticate with Apigee button on the login page.
    • If you are already logged in to Apigee Edge you will be automatically logged in to the developer portal.
    • If you are not logged in to Apigee Edge, enter your Apigee Edge credentials and select Sign in.

Register or log in using Google credentials

Federated registration and log in using Google credentials is enabled on the developer portal by default. On both the registration and login pages, you will see the following button:

You can register as a new developer, or login as an existing developer, by using your Google credentials. For example, if you have a Gmail account, you can log in by using your Gmail credentials.

The developer portal associates Google credentials to your portal account by storing a Google OpenID in your portal profile. After associating Google credentials with your portal account, you can see the OpenID by selecting your email address > Edit Profile from the top-level menu in the developer portal, and then selecting Manage your OpenIDs.

To register as a new developer using your Google credentials:

Note: The registration process assumes that you have your portal configured to allow anyone to register without administrator approval. See Add and manage user accounts for more information on controlling who can register.

  1. Ensure that you have an existing Google account, such as a Gmail account.
  2. Select the Register link on the developer portal
  3. Select the Authenticate with Google button on the registration page.
    You will be directed to a Google page asking that you accept that the developer portal can access your Google email address and basic information.
  4. Select Accept to approve.
  5. You are redirected back to the developer portal's registration page, with the information from Google prepopulating the registration fields.
  6. Specify any missing required information to complete the registration process.
  7. Select Create new account.
    You will receive an email to your Gmail account with information on completing the registration process.

To log in as an existing developer:

  1. Select the Login link on the developer portal.
  2. Select the Authenticate with Google button on the login page.
    • If you are already logged in to Google, you will be logged in to the portal.
    • If you are not logged in to Google, enter your Google credentials to log in to the portal.
  3. If this is the first time that you have logged in using Google credentials, you will be redirected to a page on the portal where you have to associate your Google account with an existing account on the developer portal:

  4. Copy the URL under Your OpenID.
  5. Select the log in link at the top of the page and log in by using your existing developer portal credentials.
  6. Select your email address > Edit Profile from the top-level menu in the developer portal.
  7. On your profile page, select Manage your OpenIDs.
  8. Enter the OpenID URL and select Add OpenID.
    You can now login using your Google credentials.

Log in using Twitter credentials

You can log in as an existing developer by using your Twitter credentials but you cannot register as a new user.

Federated log in using Twitter credentials requires that you enable the Drupal Twitter Signin module on the developer portal. After enabling that module, you will see the following button on the log in page:

The connection between the developer portal and Twitter uses OAuth for authentication. Therefore, before you can log in to the developer portal with Twitter credentials, you must first create a Twitter app. That app then generates the consumer key and consumer secret used by the developer portal and Twitter to communicate.

In the process below, you first enable the Twitter Signin module on the developer portal, then create the Twitter app. After creating the app, return to the Twitter Signin module and add the required configuration information from the Twitter app.

To enable the Twitter Signin module:

  1. Log in to your portal as a user with admin privileges.
  2. Select Modules in the Drupal administration menu. The list of all installed Drupal modules appears.
  3. Scroll down the page and select the checkbox next to the Twitter Signin module.
  4. Save your configuration.
    When enabling the Twitter Signin module, you might be notified that other modules also must be enabled. Make sure to enable these modules.
  5. After the Twitter Signin module is enabled, select Configuration > Web Services > Twitter in the Drupal menu.
    The Twitter configuration screen appears.
  6. Select the Settings tab.
  7. Copy the Callback URL. This us a URL in the form:

    http://{env}-{org-name}.devportal.apigee.com/twitter/oauth

    You need this URL to create the Twitter app.

Create the Twitter app:

  1. Navigate to this page in a browser: https://dev.twitter.com/apps/new and log in to your Twitter account.
  2. Enter the following information about your portal:
    Name: for example MyApigeePortal
    Description: for example My Apigee Portal
    Website: for example http://{env}-{org-name}.devportal.apigee.com/
    CallbackURL: Copy the Callback URL from the Twitter Signin module configuration screen.
  3. Agree to the terms/conditions.
    You will be directed to a Twitter page with the OAuth settings, including the consumer key and the consumer secret. You need the key and secret to configure the Drupal Twitter Signin module.
  4. Under the Settings tab, change the Application Type Access to Read and Write.
  5. Select Update this Twitter application's setting.

To configure the Twitter Signin module:

  1. Log in to your portal as a user with admin privileges.
  2. Select Configuration > Web Services > Twitter in the Drupal menu.
    The Twitter configuration screen appears.
  3. Select the Settings tab.
  4. Copy the Consumer Key from the Twitter page to the OAUTH Consumer Key field.
  5. Copy the Consumer Secret from the Twitter page to the OAUTH Consumer Secret field.
  6. Select Save Configuration.
  7. Select the Twitter Tab.
  8. While still logged in to Twitter with the account that create the Twitter app, select the Go to Twitter button to add an authenticated account.
  9. Select Sign-in tab.
  10. Select No under Automatically Register New Users.
  11. Save the configuration.
    Twitter users can now register on the developer portal and log in by using their Twitter credentials.

To log in as an existing developer using a Twitter account:

  1. Select the Login link on the developer portal.
  2. Select the Authenticate with Twitter button on the login page.
  3. You are redirected to a Twitter page.
    • If you are already logged in to Twitter, select Authorize app.
    • If you are not already logged in to Twitter, enter your Twitter credentials and select Authorize app.
  4. If this is the first time that you have logged in using Twitter credentials, you will be redirected to a page on the portal where you have to associate your Twitter account with an existing account on the developer portal.
  5. Enter the username and password of the account that you want to associate with your Twitter account. You only have to do this once.
    The next time you log in with your Twitter credentials, you will be logged in to the portal directly.

Log in using GitHub credentials

You can log in as an existing developer by using your GitHub credentials, but you cannot register as a new user.

Federated log in using GitHub credentials requires that you enable the Drupal GitHub Connect module on the developer portal. After enabling that module, you will see the following button on the log in page:

The connection between the developer portal and GitHub uses OAuth for authentication. Therefore, before you can log in to the developer portal with GitHub credentials, you must first create a GitHub app. That app then generates the consumer key and consumer secret used by the developer portal and GitHub to communicate.

In the process below, you first create the GitHub app. After creating the app, enable the GitHub Connection module and add the Client ID and Client Secret from the GitHub app.

Create the GitHub app:

  1. Navigate to this page in a browser: https://github.com/settings/applications/new and, if necessary, log in to your GitHub account.
  2. Enter the following information about your portal:
    Application Name: for example MyApigeePortal
    Description: for example My Apigee Portal
    Website: for example http://{env}-{org-name}.devportal.apigee.com/
    CallbackURL: The URL of your portal's home page, with the extension /github/register/create. For example:

    http://{env}-{org-name}.devportal.apigee.com/github/register/create
  3. Optionally choose an image.
  4. Select Register application. The GitHub site displays the Client ID and Client Secret that you need to configure the GitHub connection module on the developer portal in the form:
    Client ID: dbe86111e411d031d8fb
    Client Secret: e6bd0f838a288113e8b4e531cb6a9487c27f2d79
  5. Copy these values to use when configuring the GitHub connection module.

To enable the Github Connection module:

  1. Log in to your portal as a user with admin privileges.
  2. Select Modules in the Drupal administration menu. The list of all installed Drupal modules appears.
  3. Scroll down the page and select the checkbox next to the GitHub Connection module.
  4. Save your configuration.
    When enabling the GitHub Connection module, you might be notified that other modules also must be enabled. These should be enabled automatically.
  5. After the GitHub Connection module is enabled, select Configuration > People > GitHub in the Drupal menu.
    The GitHub configuration screen appears.
  6. Enter the Client ID and Client Secret from your GitHub application.
  7. Place the GitHub Connect block where you want it to be displayed.
  8. Save the configuration.

To log in as an existing developer using a GitHub account:

  1. Select the Login link on the developer portal.
  2. Select the Login with GitHub button on the login page.
  3. You are redirected to a GitHub page.
    • If you are already logged in to GitHub, select Allow access.
    • If you are not already logged in to GitHub, enter your GitHub credentials and select Authorize app.
  4. If this is the first time that you have logged in using GitHub credentials, you will be redirected to a page on the portal where you have to associate your GitHub account with an existing account on the developer portal.
  5. Enter the username and password of the account that you want to associate with your GitHub account. You only have to do this once.
    The next time you log in with your GitHub credentials, you will be logged in to the portal directly.

Log in using OpenID credentials

OpenID lets you create a single username and password that you can then use to log in to any site that supports OpenID. With OpenID, your password is not shared, but resides only with the OpenID provider. It is up to the OpenID provider to verify your identity to another website. For more information on OpenID, see http://openid.net/.

If you have an accounts on some of the most popular websites, such as Google or Yahoo, you already have an OpenID. For example, a Yahoo email user has an OpenID in the form:

https://me.yahoo.com/a/UniqueID

where UniqueID is generated by Yahoo. You can use this OpenID to log in to the developer portal.

To support OpenID with the developer portal, you must enable the Drupal OpenID module. No other configuration is required on the developer portal. After you enable the OpenID module, the following links are automatically added to the developer portal login page:

The developer portal associates an OpenID to your portal account by storing the OpenID in your portal profile. After associating an OpenID with your portal account, you can see the OpenID by selecting your email address > Edit Profile from the top-level menu in the developer portal, and then selecting Manage your OpenIDs.

To enable the OpenID module:

  1. Log in to your portal as a user with admin privileges.
  2. Select Modules in the Drupal administration menu. The list of all installed Drupal modules appears.
  3. Scroll down the page and select the checkbox next to the OpenID module.
  4. Save your configuration.
    There is no other configuration required on the developer portal.

To log in as an existing developer using an OpenID:

  1. Log in to the developer portal by using your developer portal credentials.
  2. Select your email address > Edit Profile from the top-level menu in the menu bar.
  3. On your profile page, select Manage your OpenIDs.
  4. Enter your OpenID and select Add an OpenID.
    You can now login using your OpenID.
  5. Log out of the developer portal.
  6. Select Login.
  7. On the log in page, select Log in using OpenID.
  8. Enter your OpenID.
  9. Select Log in.

Alternatively, you can log in directly to an existing developer portal account by using your OpenID. When you do the first time, you will be asked to log in using your developer portal credentials. Logging in for the first time automatically associates your OpenID with the developer portal account. You can now log in directly by using your OpenID.