How can I add an IP range to the SMTP relay service? - google-admin-sdk

We continually add and remove IP's of servers that use the SMTP relay service and we do it manually, in the admin console.
We've looked at the documentation, and we don't see any reference to setting these rules in the API.
Is this possible to do?
Edit.- To do this in the console, you can folllow the procedure that is described in support.google.com/a/answer/2956491 (first step, point 8). –
I haven't found any command to do it in the Admin SDK API. I don't know if there will be something else.

Related

API allowing to import a CSR to Microsoft CA and receive a certificate

I need to find a way to import/submit SCR and receive a certificate from Microsoft CA via some endpoint from my server. The best option is REST, but if there is another API/protocol allowing to do a request from our server to the CA will be good enough.
Terminal utils will not work for me.
I found that there are a few options here:
Usage of .Net platform allowing to send/import CSR
CA Web Enrollment
CA Web Services
Our server is an on-prem solution and written on Java and may run on Windows and Unix-based platforms. It means that our customer decides what OS to use.
It means that the first option is not really an option...
The second option allows uploading an SCR to Microsoft CA via a browser, i.e. I can try to submit an HTML form and parse a response...extract the link for the cert, but it feels it is not the best option.
I found that the windows server contains the component called CA Web Services that theoretically allowing what I want, but the problem I can't find how to use it.
I followed the guidance here:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831625(v=ws.11)
and Certificate Enrollment Policy Web Service and Certificate Enrollment Web Service are enabled on the server.
So I have the URL and I can put it in a browser or postman:
https://.../service.svc/CES
with basic authentication but for my try I received a bad request and I couldn't find the documentation about the endpoint.
So it will be nice if someone could say to me that I'm looking in the right direction and/or send me a link to the documentation.
And if it's not the right direction, maybe someone knows a better option.
Thanks in advance

API MANAGER 3.0 - API PUBLISHER NOT LOADING

I am doing a POC with my team as we are introducing WSO2 components and am working with the API Manager 3.0.
I seem to be having issues loading the WSO2 API Manager / API Publisher on the defined URL;
https://[ip address]/publisher
The page is not loading and I keep getting a spinning circle.
Steps I have taken:
Stop API Manager at command prompt with [Ctrl + C] command
Modified deployment.toml file specified paths for the localhost to our IP Address, API [publisher, gateway and store] URL values to use our IP Address as well.
Changed carbon.xml and api_manager.xml
Start API Manager with wso2server.bat --run command
Issues are as follows;
api_manager.xml values are reset to localhost and not the IP Address I modified it to.
The API Publisher page is not loading and I am not able to get to the API Publisher login page.
I am an administrator on the Windows Server hosting this, so all changes are made as admin.
First of all, APIM 3.0 has a new config model, where all configurations are available (only) in deployment.toml. All other configurations are populated based on that, and shouldn't be changed manually.
Second, you don't need to replace all occurrences of localhost to IP as many are local calls.
Third, the correct URL should have the port, unless you have a reverse proxy in front of API.
eg. https://[ip address]:9443/publisher
Sounds good and thanks for the input. I will give this a try and post back to the thread.
I am using the IP and Port for now with no reverse proxy but plan to add one, once I can get through this part.
Much appreciated.

calling user management services on WSO2 Identity Server

I am looking at two WSO2 client samples that call the user management web service. The first is a simple client, the second is a web app.
The first client sets the system SSL properties and then instantiates a WSUserStoreManager object.
The second one, the web app, does not set SSL properties at all, and instead instantiates a RemoteUserStoreManagerServiceStub.
Could someone please explain why these differences? What service to call when two similar are available (a regular and a 'remote' one)? Isn't it always necessary to set up the SSL properties when calling a https endpoint? Thanks.
if you are calling to HTTPS end point, you need to set the SSL trust store properties to trust the server. But it is under control of the client, If client wants, it can trust it, if not it can ignore. If you want to ignore, you want to override default TrustManager of java.
However, normally java has a trust store file called "cacerts" where it contains all trusted CA certificate. But WSO2IS server's certificate is a self signed one and java can not trust it. Therefore, if you want, you can import certificate in to the "cacerts file. I am not sure about why there are two different in client and web app. However, if you are calling HTTPS, trust must be created. Please check web app source more. Some time, it may have ignore the trust. As web app is run in a app server, sometime java SSL trust properties may have been set to correct file.

WSO2 API Key Manager

I am configuring our API Manager, but running into troubles authenticating via OAuth, seems to be an issue with the API Key Manager. I haven't dug into it yet, but does this come with the API Manager (as I have assumed) or is this a separate installation?
I had the same issue when using the wso2 api manager on a Amazon hosted machine, turn out that Thrift was not working correctly because some problem with multicasting and broadcasting.
What I did to get it working was to switch from ThriftClient to WSClient. If you have a huge amount of requests coming in then Thrift is the recommended solution from wso2 but in any "normal" case you will not have any differences between thrift and WS.
Here is how you switch:
Shut down the API Manager
Open up <api manager install dir>\repository\conf\api-manager.xml
Find ThriftClient
Change this to
<KeyValidatorClientType>WSClient</KeyValidatorClientType>
Start the API Manager
You may get some Warnings while starting up but, try it before you jump to the conclusion that it doesn't work.
Hope it helps!
you can use APIM manager product in a distributed setup as keymanger,gateway,store,publisher..but all functionality come in a single distribution.. ..
Go through the documentation for further guides
I was facing the same issue. Everything started when I created my own jks in order to use SSL without a self-signed certificate. I successfully created the jks and changed it in the carbon file. When I started the server, everything seemed ok; but when I used SOAPUI to test an API call, I got this (in the logs of the api manager):
APIAuthenticationHandler API authentication failure due to Unclassified Authentication Failure
I started digging what was the problem by enabling Debug level in the log4j.properties file, and then tried again a tested with SOAPUI and I got:
APISecurityException: Could not connect to <my api ip address> on port 10397
Then, I read the comment of OneMuppet and I checked that file and I found that the Thrift config has a host option, so I uncommented it:
<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
<ThriftClientPort>10397</ThriftClientPort>
<ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
<ThriftServerPort>10397</ThriftServerPort>
This Line --> <ThriftServerHost>localhost</ThriftServerHost>
<EnableThriftServer>true</EnableThriftServer>
Save, restarted the server and everything start working correctly.
I got the same below issue after my installation, when i try to invoke the api service it is throwing below error:
900900 Unclassified Authentication Failure Error while accessing backend services for API key validation
After some random checks i have seen the axis2.xml file in /repository/conf/axis2 there it is refering a differnt ip's instead. I change these ip's to my local ip and restarted. The issue is resolved now.
I was facing the same issue. when I was trying to setup API Manager as an API Gateway in a different machine as per the steps given here,
https://docs.wso2.com/display/AM250/Publish+through+Multiple+API+Gateways
Once the setup is done and when I am trying to use this gateway URL, I was getting the below response,
{"fault":{"code":900900,"message":"Unclassified Authentication Failure","description":"Error while accessing backend services for API key validation"}}
After changing the KeyValidatorClientType value to WSClient from ThriftClient on the <api manager install dir>\repository\conf\api-manager.xml
It started working fine. And I was able to get the expected response.
If you changed the admin password, then you also have to update the repository/conf/api-manager.xml file with the new password. The 2 places I have changed (so far) are:
<AuthManager>
and
<APIKeyManager>
but there are other admin usernames in that file. No doubt, I'll get to them....

Unable to start event gateway instance: Event Gateway Service is not enabled

I recently migrated our server from ColdFusion 7 Enterprise to ColdFusion 10 Standard and now our event gateways aren't working. When I try to start them, it says:
Unable to start event gateway instance: Event Gateway Service is not
enabled.
I do have "Enable ColdFusion Event Gateway Services" checked in the "Gateway Settings" page. When I turn the setting on and off, it says "Event Gateway Started.". Yet it still won't start my services. When I click start, I get the "Unable to start..." error.
I've seen a few posts about this problem, on Adobe's site, but no solutions. Both threads end with a comment that "it's working now!", but do not explain how the problem was fixed.
Unable to start event gateway instance: Event Gateway Service is not enabled., (service IS enabled)
Event Gateway Service/Instance Not Working
Am I totally forgetting a setting on the server or something?
I figured it out. If you are using Standard and not Enterprise you will have to make sure you are only entering 1 in the thread. I was entering 8 like on our old server. When I was clicking update it was not really updating even though it said it was. After I updated it with 1 thread and restarted the server. It worked. I didn't even have to click start services, they came up on their own. I'm assuming since the answer was so simple why no one updated their own answer on the adobe forums, which was super annoying.
You need to start the Event Gateway Service in CF Administrator, and then will likely need to restart ColdFusion service.
This could be caused by the insufficient privileges for the the directories you're trying to watch.
Check the service account of the Coldfusion Application Server service and see if it has sufficient privileges (i.e. local system account might not have access to the directories you're trying to watch)