I am evaluating WS02 Api manager and Identity server. My requirement is as follows: 1) We have to develop a web portal where all the APIs will be exposed in wso2 api manager in which multiple end user types will login to portal say A, B ,C, d and all needs to have different API access 2) All the backend API related to portal/application will be exposed via wso2 API manager/gateway. 3) End User Authentication , Authorization and RBAC has to be performed by WSO2 layer means admin should be authorized to see only admin related stuff normal user will have restricted access. 4) I know I can create an app in wso2 API store get the token and call all the backend apis in secured way and get access to application but how login user based authentication and authorization is going to happen.
Solution which I read from docs is. 1) I can use wso2 Identity server as key manager so that and keep user data in custom db say mssql.
But not sure how how user can be restricted to use only certain contents in portal. Please help me on this.
http://movingaheadblog.blogspot.com/2014/02/securing-your-web-service-with-oauth2.html
@gusto can you help me on this. Thanks
