The following features are most valuable to me:
- Extracting credentials for authentication
- This product handles security in its own unique way, e.g. internal identity providers, connecting to any LDAP in the organization and validating, certificate checks, etc.
- It can do certificate authentication (one-way, two-way).
- It can read credentials and connect to any LDAP, including its own internal identity provider, using the credentials.
- It can generate SAML tokens for security
- It can extract/parse XML/JSON elements.
- A password, once stored, cannot be viewed but can be extracted; this is a major advantage when we use basic credentials to connect to any system.
- Regular expressions are one area where it has a big advantage for validation of strings.
Improvements to My Organization:
Our organization relies entirely on it for web services and RESTful APIs. Internal applications never get requests if they are not valid or authenticated, which saves the backend server's processing. Big organizations can track demand for services, and this drives ROI.
Room for Improvement:
An as-is string API is not available for manipulation; unlike in Java, not all String operations are present. The hard way is to use regular expressions, which is a little difficult for intermediate users and beginners.
Some kinds of errors have to be reworked.
Very recently, I saw a connection reset error message for a handshake (for cipher). Many organizations have recently performed the SHA2 upgrade, so handshake errors are not properly recorded in logs.
When the backend system sends an error message with a different MIME type, Layer7 cannot propagate the same message; most of the time it gives a blank message, and the backend error message is never passed to the final consumer.
(Observed in 8.3 for MIME application/problem+json and with error code 403.)
Use of Solution:
I have used this solution for four years.
ESM gives a hard time. For example, the 7.3 to 8.3 migration is the hardest. Also, if we have multiple clusters, we don't have a good migration utility. Most of the time, it fails.
Login (Policy Manager) time for clients is usually not fast.
The Information Guide is very brief.
In big industry, stability is always a challenge. Sometimes internal users report that 3 out of 4 connections are successful and one never reaches the API Gateway, while the diagnostic report always says the system is healthy; a restart makes it work again.
4/5: they are always on par with requests; sometimes limitations of the API gateway have to be answered by Customer Service.
I rate customer service and technical support 8/10.
Our organization moved to this product because Cisco stopped supporting its gateway.
Initial setup was in between straightforward and complex.
We implemented the solution in-house with help from CA.
This is a good tool compared to open source solutions. There still is a lot to be done to improve user experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Dec 05 2016