Adding tutorials for integrating Asgardeo with KONG and WSO2 AI Gateways for agent identity management

[AkinduH]

Purpose

This pull request adds two new end-to-end tutorials to the Asgardeo documentation, focusing on integrating Asgardeo with both WSO2 AI Gateway and Kong AI Gateway for agent identity-aware access control. These tutorials provide detailed, step-by-step guides for securely managing non-human agents in multi-agent AI systems, including configuration of identity, roles, scopes, routing, authorization, and rate limiting.

New Tutorials and Documentation Updates:

• Added links to two new tutorials in the main tutorials index: "Integrating Asgardeo With WSO2 AI Gateway for Agent Identity-Aware Access Control" and "Integrating Asgardeo With Kong AI Gateway for Agent Identity-Aware Access Control".

• Added new tutorial files that include the respective content for integrating Asgardeo with WSO2 AI Gateway (integrating-asgardeo-with-wso2-ai-gateway-for-agent-identity-aware-access-control.md) and Kong AI Gateway (integrating-asgardeo-with-kong-ai-gateway-for-agent-identity-aware-access-control.md). [1] [2]

Tutorial Content Additions:

• Created comprehensive, illustrated guides for both integrations, covering:
  • Use case scenarios for multi-agent AI systems in enterprise support.
  • Step-by-step Asgardeo configuration for agent identities, roles, and scopes.
  • Detailed gateway configuration (WSO2 Bijira and Kong Konnect), including API proxies/services, routing, authorization policies, and rate limiting.
  • Instructions for testing the integrations with a sample repository. [1] [2]

Summary by CodeRabbit

• Documentation
  • Added a step-by-step tutorial for integrating Asgardeo with the WSO2 AI Gateway for agent identity-aware access control, including configuration and verification guidance.
  • Added a step-by-step tutorial for integrating Asgardeo with the Kong AI Gateway for agent identity-aware access control.
  • Updated the Tutorials index to link both new integration guides and related resources.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds two tutorial pages and corresponding include files documenting integration patterns between Asgardeo and the Kong and WSO2 AI Gateways for agent identity-aware access control (architecture, Asgardeo setup, gateway configuration, and verification).

Changes

Cohort / File(s)	Summary
Tutorial Index en/asgardeo/docs/tutorials/index.md	Added links to the Kong and WSO2 AI Gateway integration tutorials.
Kong AI Gateway (template + include) en/asgardeo/docs/tutorials/integrating-asgardeo-with-kong-ai-gateway-for-agent-identity-aware-access-control.md, en/includes/tutorials/integrating-asgardeo-with-kong-ai-gateway-for-agent-identity-aware-access-control.md	New template sets product_name = "Asgardeo" and an included tutorial fragment provides a full guide: use case, architecture, Asgardeo configuration (app, roles, agent registration), Kong setup (service, two header-routed routes, OIDC per route, AI Proxy plugins, token stripping transformer), and rate-limiting/model budget controls.
WSO2 AI Gateway (template + include) en/asgardeo/docs/tutorials/integrating-asgardeo-with-wso2-ai-gateway-for-agent-identity-aware-access-control.md, en/includes/tutorials/integrating-asgardeo-with-wso2-ai-gateway-for-agent-identity-aware-access-control.md	New template sets product_name = "Asgardeo" and an included tutorial fragment provides a full guide: use case, architecture, Asgardeo configuration (application, scopes/roles, agent registration), WSO2 AI Gateway proxy and policy setup, Asgardeo as external IdP, resource-level policies, token-based rate limiting, and verification steps with sample repo links.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Client
participant AI_Gateway as AI Gateway
participant Asgardeo
participant Model as Model Provider
Client->>AI_Gateway: Send request with agent token + headers
AI_Gateway->>Asgardeo: Validate token / introspect / fetch roles
Asgardeo-->>AI_Gateway: Token validity and role/scope claims
AI_Gateway->>AI_Gateway: Apply route-specific plugins (OIDC, AI Proxy, rate limits)
AI_Gateway->>Model: Forward transformed request (budgeted)
Model-->>AI_Gateway: Model response
AI_Gateway-->>Client: Return response

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through docs with a curious nose,
Two gateways taught me how agent-auth flows.
Tokens checked and routes aligned,
Roles and budgets neatly signed —
A little nibble of secure repose.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers Purpose with comprehensive details but lacks required sections: Related PRs, Test environment, and Security checks from the template.	Add Related PRs, Test environment, and Security checks sections to match the repository's required PR description template.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding two tutorials for integrating Asgardeo with KONG and WSO2 AI Gateways for agent identity management.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use your project's `biome` configuration to improve the quality of JS/TS/CSS/JSON code reviews.

Add a configuration file to your project to customize how CodeRabbit runs biome.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In
`@en/includes/tutorials/integrating-asgardeo-with-wso2-ai-gateway-for-agent-identity-aware-access-control.md`:
- Line 110: Replace the grammatically incorrect phrase "the both proxies" in the
sentence that reads "Make sure you configure Backend Settings and Deploy the
both proxies to development and Production Environments." with "both proxies"
(e.g., change to "Make sure you configure Backend Settings and deploy both
proxies to Development and Production environments.") and normalize
capitalization of "deploy" and "environments" to match surrounding style.
- Line 166: The link to WSO2 Bijira guardrails in the sentence containing the
URL "https://wso2.com/bijira/docs/create-api-proxy/third-party-apis/guardrails/"
is returning HTTP 403; either replace it with a correct public documentation
URL, add a note that the page requires special access/credentials, or remove the
link and provide an alternative public reference or an inline summary of the
guardrails; update the sentence in the markdown file to use the corrected URL or
the access note so users are not led to a forbidden page.

[pavinduLakshan]

I’m not sure whether we can use this as a concrete example. Typically, when there is a coordinator agent, it delegates tasks to multiple sub-agents. In this case, however, there is only a single agent involved, which makes the coordinator role seem redundant, in my opinion.

[AkinduH]

My idea was to have a agent to classify the incoming tickets. There can be many sub agents under him, I didn't mention them to keep the example more simple and focusing on showing how to secure the AI gateway.

[pavinduLakshan]

We don't create service accounts for ai agents in Asgardeo.

[AkinduH]

we create 'auth identities' for them. Is this term okay? @pavinduLakshan

[pavinduLakshan]

Let's provide a meaningful identifier and display name. agenttype doesn't sound meaningful enough

[AkinduH]

changed

[pavinduLakshan]

Let's add docs to the identity-server/next folder too.