xhoms edited this page Oct 25, 2018 · 1 revision

OAUTH2 Shared Component

Palo Alto Networks Application Framework 1.0 only supports multi-tenant applications that implement the OAUTH2 Grant Code flow to get access to customer data through the corresponding APIs. That means that, for an application to be ready for Application Framework, the following two requirements must be met:

  • The application should have a multi-tenant WEB entry point for customers to log in to / register with the application
  • The application must be capable of triggering the OAUTH2 Grant Code flow to let the user authorize the application to access their data stored in the Logging Service (scope-limited access grant)

In many cases the partner integration was meant to be deployed as a single-tenant instance. The following are examples of such a use case:

  • An on-premises solution.
  • An integration script that runs inside software installed on a per-customer basis.
  • A single-tenant cloud application that is instantiated for each interested customer.
  • An ad-hoc application homegrown by a customer to access their own data.

In all these cases, additional effort is needed to build a public, web-based, multi-tenant component that can be registered in the Applications Cloud Portal and that implements the OAUTH2 flow on behalf of the requesting tenant.

What is the OAUTH2 Shared Component?

A lightweight mock implementation of the web-based multi-tenant component described above. It features:

  • Packaged as an AWS Serverless Application and publicly available at AWS Serverless Repository for one-click deployment
  • Low to zero hosting costs due to its serverless concept
  • Safe storage of sensitive information (i.e. client_id, client_secret, per-tenant access_tokens) in the AWS Secrets Manager Service
  • Ready-to-consume Model / View / Controller JavaScript class for easy FrontEnd branding adaptation.