I'm trying to create a API from my ERP into WSO2 API Manager ,to access API without use API Manager I need to use a NTLM credential. I want to publish this API into API Manager, but when I trying to create and Publish , I cannot add that credentials and api does not work. where do I submit those credentials?
As you can see on this picture, I'm getting unauthorize.
API Manager Error
WSO2 API Manager v3.1.0 supports basic auth, digest auth, and mutual ssl for backend security. If you want NTLM, then you can use a class mediator. https://medium.com/#nipunadilhara/ntlm-authentication-for-wso2-esb-v6-2-0-9584c3e6713
Related
I am using wso2 API manager 3.1.0 I want to create the users and roles programatically. Are there any REST APIs available for the carbon console of the APIM to achieve this? I referred to this document
https://apim.docs.wso2.com/en/next/develop/product-apis/restful-apis/ which has only details of the
REST APIs available for API publisher and devportal mainly.
You can use RemoteUserStoreManagerService SOAP service.
See https://docs.wso2.com/display/IS580/Managing+Users+and+Roles+with+APIs
I wanted to do some POC for wso2 API manager where API Manager will expose login and registration url which will be called by UI layer but wanted to handle end user authorization and authentication
in API manager layer and don't want to handle this in database how can I do this i don't to use Identity server also.
I have gone through password grant_type tutorial and we can use this but how the authorization is going to performed?
Do we need to maintain user details in separate database or in identity server? if yes how this is going to happen.
I have gone through below questions but didn't get exact solution, please help me on this.
authorize user in wso2 api manager
wso2 api manager end-user
Thanks
how can I do this i don't to use Identity server also
By default you should be using the provided OAuth2 endpoints to authorize the users. However - the API Manager itselfs doesn't support self-registration and account verification.
I'd suggest to configure a WSO2 Identity Server as an APIM Key manager.
The WSO2IS has capability for self-registration and account verification.
The application or users will authenticate against the WSO2IS and the returned token will be valid for APIM (as the KeyManager shares the database with tokens).
We're trying to make Salesforce send a message to one of our APIs through WSO2 API Manager 1.9.0. However, it seems that Salesforce is unable to authenticate and recommends using IP-restrictions.
So, is it possible to allow an anonymous/unauthenticated user to use an API in API Manager? IP-restriction I can take care of with firewalls, I don't have to do that in API Manager.
When you create an API, in the Manage tap, you can select No Authentication for an API resource. Then you will be able to access the API resource without access token. See my answer for the similar question.
I am very new to wso2 API manager. Sometimes an application might need to call a service in another application on behalf of a user. How can we make this in wso2 API manager by configuring Signed JWT Authenticator as like Google OAuth 2.0 Authorization Server?
If user is authenticated by saml2 in the application, then application can get the oauth token using saml token and invoke the apis on behalf of user.
check following links for more detail
1.http://shafreenanfar.blogspot.in/2014/02/exchanging-sml2-token-to-oauth2-token.html
2.http://pushpalankajaya.blogspot.in/2014/01/invoking-apis-using-web-app-with-oauth2.html
I was using OAuth for a REST API Service on WSO2-ESB using WSO2-IS, and now I wanted to register this service on API Manager. But looks like API Gateway already has OAuth incorporated.
Does it make sense to have WSO2-IS for OAuth in above scenario because having WSO2-API Manager and WSO2-IS make it a two layer OAuth which is not required?
Thanks,
Wajid
Yes API Gateway already has OAuth incorporated. WSO2 API Manager provides secure authorization for APIs using OAuth 2.0 standard for key management. Every API created through WSO2 APIM will engage authentication handler which does this. So if you are using WSO2 API Manger you can skip the engagement of OAuth to your REST API. If you want to keep your own authentication mechanism, it also can be done by defining your APIs in API Provider with None Auth type. In that case API gateway will just pass the any Authentication headers came in the request to the backend service, without validating. But here since you are also using OAuth, you can go with WSO2 API Manager's default authentication mechanism.
http://docs.wso2.org/wiki/display/AM131/API+Manager+Components