Kong Enterprise 1.5 swings for added security


Service and API management platform Kong Enterprise has been fitted with some security improvements and an application registration plugin, making v1.5 ready for operation.

Kong Enterprise is built upon open source project Kong Gateway but adds some scalability, security, management and analytics capabilities aimed at large organisations.

The 1.5 release mainly focuses on security-relevant enhancements, one of which extends the anomaly detection of Kong Immunity to allow users to scope it to specific API consumers. This lets them trace alerts to the individuals and teams that access certain APIs, whereas former versions could only alert based on traffic to specific endpoints.

Another new security feature is support for assertions on client authentication in the product’s OpenID Connect plugin. The latter now offers client_secret_jwt and private_key_jwt as methods of authentication to use with OpenID Connect providers. To round it all off, the Kong team has been busy fixing issues in password resetting, file permissions, account verification, and plugin configuration, all of which should make the product a bit safer.
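To show what the client_secret_jwt method involves, here is an added example (not Kong's code and not taken from the plugin) of a client building the signed assertion and an OpenID Connect provider checking it, following the method as defined by OpenID Connect with HS256. The client ID, secret and token endpoint are supplied by the caller, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"  # sent as client_assertion_type


def _enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(client_id, secret, token_endpoint, now, ttl=60):
    """Client side: HS256 JWT keyed with the shared client secret."""
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": secrets.token_urlsafe(16), "iat": now, "exp": now + ttl}
    parts = [_enc(json.dumps(p).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    mac = hmac.new(secret.encode(), ".".join(parts).encode(), hashlib.sha256)
    return ".".join(parts + [_enc(mac.digest())])


def verify_assertion(jwt, client_id, secret, token_endpoint, seen_jti, now):
    """Provider side: return (accepted, reason); seen_jti is a set of used token IDs."""
    try:
        h64, c64, s64 = jwt.split(".")
        header, claims, sig = json.loads(_dec(h64)), json.loads(_dec(c64)), _dec(s64)
    except ValueError:
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    mac = hmac.new(secret.encode(), f"{h64}.{c64}".encode(), hashlib.sha256)
    # Pin the algorithm instead of trusting the header, and compare in constant time.
    if header.get("alg") != "HS256" or not hmac.compare_digest(sig, mac.digest()):
        return False, "bad signature"
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        return False, "iss/sub mismatch"
    if claims.get("aud") != token_endpoint:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "expired"
    jti = claims.get("jti")
    if not isinstance(jti, str) or jti in seen_jti:
        return False, "replayed jti"
    seen_jti.add(jti)
    return True, "ok"
```

With private_key_jwt the claims and checks are the same, but the client signs with its private key and the provider verifies against the client's registered public key, so no shared secret is held by the provider.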

Apart from that, Kong’s manager component comes with redesigned Service and Route pages, and the opportunity to sort lists of entities such as Services, Routes, and Consumers as well as export and view them as JSON where needed.

For those interested in more experimental features, Kong Enterprise 1.5 includes a beta of a portal application registration plugin. It provides devs registered on the Kong Developers Portal with a way to “authenticate with OAuth against a Service on Kong” and lets admins grant service access through Manager.

The Developer Portal now also sports a tab dubbed “My Apps”, so that developers can create new applications and subscribe them to services or APIs via the interface. A complete list of changes can be found in the company’s changelog.