For the past 10 years, iJET International has delivered intelligence-driven integrated risk management solutions by assessing an organization’s exposure to risk and threat. To empower these multinational organizations, iJET collects intelligence on a global scale, about health, natural disasters, geopolitical and civil unrest, capturing data in a manner that is machine processable to deliver response solutions.
During his session at WSO2Con USA 2015, David Clark, director of IT architecture at iJET labs, the innovation center at iJET International, explained how the organization moved from a rigid legacy system to a microservice architecture, with an identity management solution powered by WSO2 middleware.
Satiating the demand for sensitive data security
The biggest challenge Clark was faced with when he joined iJET in 2015 was identity management. With many of iJET’s customers already having identity management solutions in place, Clark recalled the increased demand for federated Single Sign-on (SSO) across the board. Customers had a need for more security protocol options, specifically SAML 2.0 and OAuth 2.0. There was also a need to provide them with user self-provisioning through the secure use of third party systems, as well as multifactor authentication, he noted.
An additional challenge was iJET’s legacy architecture. It was not agile, not scalable, and had limited revenue opportunities. What possibly began as a clean three-tier application had over the years snowballed into a mammoth, rigid system that could not pivot with the business anymore. “What this means is we really couldn’t monetize our main asset, which is our intelligence”, Clark said. It was time to move on to a more Service Oriented approach.
Open source, open standards
WSO2 middleware was the best fit for iJET’s Service Oriented Architecture (SOA). “Being open source aligns with iJET’s values”, Clark noted. “We wanted to take ownership of the products and deploy it the way we wanted to, and WSO2 allows us to do that. Being open source, it’s extensible.”
iJET also utilized WSO2’s Quick Start Program (QSP) from the initial stages of the project. “The QSP ensures that you get off on the right foot,” Clark observed. “Their engineers come in, understand what your business problem is, and ensure that you get the right architecture, and start in the right direction.”
Clark explained the implementation of the WSO2 products to the audience, starting off with federated SSO using WSO2 Identity Server. The product supported configurable authenticators for federation, and just-in-time user provisioning was added, where the incoming claims could be mapped to local schema. This worked in conjunction with the iJET customer user store manager, Clark explained, which was implemented as an OSGI bundle.
Integration of the legacy applications followed. With the iJET applications already configured to use another SSO, Clark explained the use of Apache Mellon to bridge the SAML negotiation and provide a façade between the old and new systems, generating session cookies with the same key value peers the old system was using.
Optimizing iJET’s microservices
The integration of WSO2 API Manager with WSO2 Identity Aerver, Clark continued, was carried out via an OAuth key manager and Java Web token. The core focus then shifted to optimizing iJET’s microservices. WSO2 API Manager is used to prototype, version and publish APIs provided by microservices. But most importantly, Clark observed, API Manager was used to govern the access and provide security to APIs.
A hexagonal architecture was used for the microservices, with business logic at the core. Inbound controllers and adapters surrounding the core helped expose the REST API that the user applications would access through the API Manager. The outbound repositories helped the service to communicate with the database.
Clark also explained that iJET follows a template driven development process to create microservices. Not yet at the point of using Docker containers, Clark stated that each microservice gets deployed on an Amazon EC2 instance.
Six months to successful deployment
“Six months later, we have our federated SSO working”, Clark noted. “We were able to deploy a new application built entirely on REST APIs and these are now available for our customers to consume as well.” The legacy applications too are able to authenticate with third party identity providers, with extremely satisfied iJET customers using their own solutions.
For more information on iJET’s microservice architecture use case, view Clark’s WSO2Con USA 2015 presentation.