So I've deployed my WSO2 APIM instance to an Azure VM, changed the hostname to be the same as the VM, also the gateway.
I'm then having problems during requests execution, I'm getting CORS Problem
Related
Our app sends a request to Facebook API endpoint.
https://www.facebook.com/ads/api/preview_iframe.php
It works from our team's local machine but when the app gets deployed to lambda, the requests fail. We've tried logging into an EC2 and test it and the requests fail there as well.
Is this something we can rectify on our end?
WSO2 APIM is not invoking backend when hostname is changed.
My APIM server is in AWS running in a docker container. Backend is in Azure App service. When I configure API gateway with localhost in AWS EC2 instance, the published API in gateway is able to invoke backend and fetch data without any issue.
When I do the following changes and try out the same API from AWS, it gives 400 response error without anything in logs
change the host name in deployment.toml and the required gateway urls
create new keystore for SSL communication using CA signed certificate and import it in client-truststore
change the secondary keystore to the new one
Build and run the docker with modified keystores and deployment.toml
Created an image using the dockerfile mentioned in https://github.com/wso2/docker-apim.git under dockerfiles/ubuntu/apim and then performed required changes in deployment.toml and Dockerfile
The API is working fine using curl and from postman. It is giving 400 error only when invoked from Publisher/Devportal UI
We have two API servers running in HA mode i.e. same set of services are running on both VMs with same environment. We would like to use WSO2 APIM for API Security but the problem is that we have not been able to find how to use HA routing services in WSO2 APIM.
E.g.
API Server 1- http://192.168.0.2/getCustomerDetails
API Server 2- http://192.168.0.3/getCustomerDetails
API Gateway- 192.168.0.10
Once registered on API Gateway the service endpoints become-
URL1- https://192.168.0.10:8243/getCustInfo1
[edit]
URL2- https://192.168.0.10:8243/getCustInfo2
Now the question is how does WSO2 APIM decides where to route the request i.e. URL1 or URL2 for accessing the same business service? Or there is some concept like virtual ip usage in WSO2 APIM?
You don't have to create 2 APIs in API Manager for your 2 backend URLs. Create a single API and use Load Balancing or Failover Endpoints[1].
[1] https://apim.docs.wso2.com/en/latest/Learn/DesignAPI/Endpoints/high-availability-for-endpoints/
Is WSO2 Cloud Gateway supported in StratosLive? Is there self-service setup? I would like to expose an internal web service (behind corporate firewalls) to WSO2 ESB on StratosLive and Cloud Gateway may be one solution...
WSO2 CG is supported in StratosLive and we are in the process of deploying CG(and other services) in StratosLive. Please check back in couple days.
Scenario:
A client calls WebService A on the LAN. WebService A is running under an App Pool with Identity "Network Service".
WebService A does some work, prepares to call WebService B.
WebService B requires a client cert (*.cer) and SSL.
WebService A is on a dedicated Windows 2003 server.
Everything works in the Dev environment as it should (but the developer with Administrator privileges is always logged on locally (no surprise!).
The certificates are stored on disk at C:\MyCertificates\
The certificate is being applied at runtime successfully in Dev with this snippet: myWebService.ClientCertificates.Add(new X509Certificate.CreateFromCertFile(certPath));
Problem:
WebService A is calling WebService B, and the returned exception is:
The request failed with HTTP status
403: Forbidden
This really means that the certificate was not sent in the request to WebService B.
I am under the assumption that installing this cert into the browser is not a solution. The browser settings typically are per-user, and I need to give the certificate to the user whose credentials the web service is running under. (e.g. Network Service, System, or whatever is in the IIS AppPool settings).
Question: How can I grant access or association to my certificate living at the specified directory location to the Network Service or other non-user account?
This Microsoft knowledgebase article may be of use:
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application (MS KB901183)
Your web service 'A' would effectively be the ASP.NET application calling the web service as described in the article.