API Management

Apigee Edge for Private Cloud 4.18.01 Is Here!

We’re excited to announce the general availability of Apigee Edge for Private Cloud 4.18.01. This release features several new capabilities, including the Apigee Edge unified experience, native policies for JSON web tokens (JWT), and more.

Edge unified experience (UE) beta

The unified Apigee Edge experience improves API lifecycle management, from design to development to publishing APIs. This is the next-generation UI for Apigee Edge.

Trying out the new UE for private cloud requires you to enable SAML single-sign-on for Apigee Edge. You’ll have to install the new user experience on a separate VM (one that doesn’t contain other Edge components).


A couple of things worth noting about Edge UE for private cloud:

  • The specs feature and integrated portal are not supported in Edge UE for private cloud.
  • You can run basic auth-enabled Classic UI and Edge UE simultaneously.

External role mapping V2

The new release also enables you to map groups in your corporate LDAP to Apigee Edge roles by implementing the RoleMapper interface. External role mapping works with basic authentication only. Mapping external role enables you to:

  • Manage Apigee Edge roles to match your organizational structure.
  • Automatically sync user group changes in your organization with the proper role in Apigee Edge.
  • Grant users additional roles in Apigee Edge when assigned to an additional group.


An example implementation is as follows:

public class ExternalRoleMapperImpl implements ExternalRoleMapperServiceV2{
   private DirContext initialDirContext;
   private SearchControls controls = new SearchControls();
   public Collection<NameSpacedRole> getUserRoles(String username, NameSpace expectedNamespace) throws ExternalRoleMappingException {
       Collection<NameSpacedRole> roles = new HashSet<>();
       String orgName = "tech-brief";
       System.out.println("Getting Group");
       String userGroupFilter = "(memberUid=uid)";
       try {
           /************** Fetch groups for user **************/
           NamingEnumeration<SearchResult> groupResults = initialDirContext.search(groupDN, userGroupFilter.replace("uid", username), new Object[] { "", "" }, controls);
           while (groupResults.hasMoreElements()) {
               SearchResult searchResult = groupResults.nextElement();
               Attributes attributes = searchResult.getAttributes();
               String groupName = attributes.get("cn").get().toString();
               if (groupName.equals("BusDev")) {
                  roles.add(new NameSpacedRole("businessuser",new OrganizationNamespace(orgName)));
               } else if (groupName.equals("Eng")) {
                   roles.add(new NameSpacedRole("user",new OrganizationNamespace(orgName)));
               } else if (groupName.equals("sysadmin")) {
                   roles.add(new NameSpacedRole("orgadmin",new OrganizationNamespace(orgName)));
                   roles.add(new NameSpacedRole("sysadmin",SystemNamespace.get()));
               } else {
                   roles.add(new NameSpacedRole("user", new OrganizationNamespace(orgName)));
       } catch (NamingException e) {
           throw new ExternalTeamMappingException(e);
       return roles;

In the example above, we are mapping the “BusDev” group in corporate LDAP to the “businessuser” role and the “Eng” group to Apigee Edge user roles.

JSON web token (JWT) beta

JSON web token (JWT) is a token standard defined in IETF RFC 1759. JWT enables you to sign a set of claims (key value pairs) that can later be verified reliably by the JWT recipient.

There are three new policies introduced in Apigee Edge: “Generate JWT,” “Verify JWT,” and “Decode JWT.” Generate JWT allows you to sign a set of configurable claims and sign with HS256, HS384, HS512, RS256, RS384, or RS512 digital signature algorithms.Verify JWT verifies the token signature and extracts the claims in flow variables so that subsequent policies or conditions can examine those values to make authorization or routing decisions. Decode JWT only decodes JWT without verifying the signature.

Other improvements

We’ve made a host of other changes, including:

  • Name validation that enforces a naming rule upon on creation of new entities. Entities validated on creation or update include API proxies, policies (and policy names in API proxy definitions), virtual hosts, roles, caches, target servers, data masks for debugging, keystores and truststores, and resource files in API proxies.
  • The ability to run a setup command with -t option to validate all system requirements without installing the components.
  • Postgres 9.6 to take advantage of parallel processing query and improved analytics performance.
We've also released a preview of our Teams feature, which enables proxy developers to be grouped to match the organization they're working in, and enables team leads to manage permissions/roles to reflect changes within the organization. This is an early release program; learn more about it in this Apigee Community post—and please give us your feedback there.

How to upgrade

We strongly encourage customers to upgrade to this new release to start benefiting from the added features, UI enhancements, and bug fixes.You can update Apigee Edge version 4.16.x or 4.17.x to 4.18.01.If you have a version that’s older than 4.16.01, you must first migrate to version 4.16.x and update to the latest version.

There’s a lot more to share than what we’ve covered here; additional details can be found in our release notes.

Visit Apigee Community to ask questions, leave feedback, or start a conversation.