Episode 017: 23‐05‐2024 Agama Low Code Identity Orchestration - GluuFederation/identerati-office-hours GitHub Wiki
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Prabath Siriwardena, Senior Developer at DevRev
- Co-Host: Dhaval Desai, Gluu Community Manager
Description
Agama is a domain specific language ("DSL") for identity orchestration. It's governed at the Linux Foundation Janssen Project. There is also an Agama project archive format, which is a standard way to package all the assets required by an IDP to run an Agama Project. The Agama DSL is "IDP-neutral"--any IDP could use it, although Jans Auth Server and Keycloak are currently the only IDPs where it's possible to run an Agama Project. In this Identerati Office Hours, Mike will present the current state of Agama with help from Dhaval and get feedback from Prabath about the current challenges for Agama and low code identity orchestration in general.
Homework
Takeaways
-
Real-time debugging would be nice. This might be more of an IDP feature then an Agama feature per se. Could the Agama transpiler provide some runtime interface to get back debug info or to insert a break? Also, an Agama policy language extension for Visual Studio Code would be nice, not necessarily as an alternative to the drag and drop interface, but for people who are reviewing the actual Agama source code.
-
Gluu is targeting Agama support for both Keycloak and Janssen Auth Server. This would make Agama the only identity orchestration solution that runs on more then one IDP. Mike is not sure if any other IDPs will adopt it, perhaps because as Prabath points out, vendors might not want easy portability of this kind of custom code.
-
In both the Jans and Keycloak implementations, an Agama Flow is invoked by specifying the
acr_valuesparam of an OpenID Connect Authn Request. It could be possible to invoke a flow in another way, but that would be up to the IDP. -
The four "special" agama commands or "blocks" are : RRF, RFAC, Trigger and Call. The rest of Agama will look pretty similar to other programming languages. You could think of Agama as a very tight interface that facilitates re-use of code.