Skip to content

feat(portal): Application <> consumer mapping #5500

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cloudjumpercat wants to merge 7 commits into
base: release/kong-identity-m0
Choose a base branch
from
Open

feat(portal): Application <> consumer mapping #5500

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
183a028
Update reference content
cloudjumpercat Jun 8, 2026
73a3e95
Dev portal variable, caching infos
cloudjumpercat Jun 9, 2026
234c5ee
UI step for link consumer, API steps for principal/plugin link, conve…
cloudjumpercat Jun 9, 2026
ebf0067
fix principal requests
cloudjumpercat Jun 10, 2026
70e2f9a
Apply PM/eng feedback
cloudjumpercat Jun 10, 2026
f1cf8cc
Adjust kaa vs ace wording
cloudjumpercat Jun 11, 2026
c8011cf
Fix section lead in
cloudjumpercat Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions app/_includes/dev-portal/kaa-vs-ace.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ When you link an API to a Gateway, you have two options:
These plugins are responsible for applying authentication and authorization on the Gateway Service or control plane.
The [authentication strategy](/dev-portal/auth-strategies/) that you select for the API defines how clients authenticate.

In {{site.base_gateway}} 3.15 or later, both plugins also look up {{site.identity}} principals to resolve any [plugins applied to a {{site.dev_portal}} application](/dev-portal/self-service/#map-an-application-to-a-consumer), so that Consumer or principal-scoped plugins apply to the application's traffic.
Principal lookups are cached, so additional lookups aren't required until the cache is evicted.
Cache eviction is controlled at the principal and {{site.base_gateway}}-level.

The following table can help you decide which option to pick:
<!--vale off-->
{% table %}
Expand Down
6 changes: 5 additions & 1 deletion app/_includes/plugins/ace/ace-overview.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
The Access Control Enforcement (ACE) plugin manages developer access control to APIs published with Dev Portal.
The Access Control Enforcement (ACE) plugin manages developer access control to APIs published with {{site.dev_portal}}.

You can use the ACE plugin as an alternative to the {{site.konnect_short_name}} application auth (KAA) plugin to link APIs to a Gateway instead of linking APIs to a Gateway Service.
Unlike the KAA plugin, the ACE plugin can link to control planes to configure access control and create API package operations for Gateway Services.
API packages use the ACE plugin to manage developer access control to APIs.

If you [apply a plugin to a {{site.dev_portal}} application](/dev-portal/self-service/#map-an-application-to-a-consumer), the ACE plugin looks up the application's principal to resolve the mapped Consumer at runtime, so any Consumer or principal-scoped plugins apply to the application's traffic.
Principal lookups are cached, so additional lookups aren't required until the cache is evicted.
Cache eviction is controlled at the principal and {{site.base_gateway}}-level.

The ACE plugin runs *after* all other [authentication plugins](/plugins/?category=authentication) run.
For example, if you have [Key Authentication](/plugins/key-auth/) configured and it rejects a request, the ACE plugin *will not* run.

Expand Down
278 changes: 0 additions & 278 deletions app/_landing_pages/dev-portal/self-service.yaml
View file
Open in desktop

This file was deleted.

Loading
Loading