I have using WSO2 identity server,but i have facing problem for Policy creation,
because this is available in XACML Poliicy.
Document :
https://docs.wso2.com/display/IS570/Entitlement+with+APIs#EntitlementwithAPIs-publishToPDP()
any plugin any anything available for convert to REST API?
Yes there is no straight forward way to utilize PAP operations in REST way. But there are couple of alternate solutions.
If you are good in WSO2 EI (previously WSO2 ESB) you can use SOAP to REST transformation as per [1]
You can write your own java component as JAX-RS service in WSO2 Identity Server [2]
[1]https://docs.wso2.com/display/EI600/Using+REST+with+a+Proxy+Service#UsingRESTwithaProxyService-RESTClientandSOAPService
[2]https://wso2.com/library/articles/2016/10/article-exposing-wso2-identity-server-admin-services-the-rest-way/
Related
What are the alternatives available while using WSO2 Identity server as PDP?
If we use WSO2 ESB, its creating one extra layer..
So what benefits we will get by using it? If we use Sun's XACML API to send and receive request and response in some class which act as PEP then would it be bad design?
It is not needed to use the WSO2 ESB as a PEP. You can write you own PEP to integrate with your application. As an example, if your application is an java web application, you can write your own PEP client to call the EntitlementService.
Advantage of using WSO2 ESB is that, It can act as Security Gateway for you all type of requests. It can do authentication/security protocol switching and more.. It has an extensible architecture.. If your all idea is to only to use WSO2ESB as PEP, I do not think it is worth. ESB is also calling EntitlementService of the WSO2IS. Therefore you can directly call it from your application. You can write simple PEP client using java. You can find java client from here and you can integrate it with your application as PEP. There are some place that have been done it. Please find one from here. In his sample, command line client calling the EntitlementService
I'm working on a master's degree project which the main goal is wso2 study.
Through wso2 I need to be able to:
Do protocol Bridging (eg: rest to soap);
Apply data transformation (apply xslt on xml);
Content based routing;
Load balancing;
Create authentication and authorization layer to legacy services (authentication via oauth 1.0a);
Exception shielding;
Service monitoring;
Services lifecycle control;
So, my question is: do I need any other wso2 product, or ESB is just fine? For example to implement the security layer and all the load balance stuff do I need to add wso2 identity server and wso2 elastic load balancer?
Or even more: do I need to extend the esb by writing custom code to solve any of this issues? In which cases extend the esb is the only way to go?
I hope to do not be naive trying to solve all this complicated issues, but I'm kinda lost on this big swiss knife that wso2 is.
Thanks
Please find my answer..
Do protocol Bridging (eg: rest to soap ---> ESB
Apply data transformation (apply xslt on xml) ----> ESB
Content based routing ----> ESB
Load balancing ---> ESB can be used. But i prefer Apache HTTP and Nginx. They are more intended for that purpose
Create authentication and authorization layer to legacy services (authentication via oauth 1.0a) --> ESB can be used. But you need an OAuth2 Authorization server for token validation. Also, XACML PDP for policy validation. Both are available with Identity Server. According to the Carbon, you can install those features with ESB as well. But it is not recommended much. Please see more details from here
Exception shielding ---> ESB
Service monitoring ----> ESB can be used. But if more, you can use BAM
Services lifecycle control ---> ESB can be used. If needed more, you can install G-reg features
I think. It is only enough to use WSO2 ESB and WSO2 IS for this purpose. Sometime you may need to write some code. But it is easy as there are lot of samples are available freely.
From what I've read and experienced, the API Manager 1.3.1 only generates proxies. However, I would like to proxy a back-end SOAP service with a SOAP service proxy and have the proxy implement a WS-Policy with a WS-SecurityPolicy.
Is there built-in support for this in API Manager 1.3.1?
Will there be support for this in the next version of API Manager?
If no, then what steps would I take to have the API Publisher and Store apps recognize SOAP proxies?
I hope that API Manager is not the ideal way to start to implement your use case. You should use Enterprise Serivce bus which provides the UI and necessary other tools to implement the scenario.
You can install the required features (Which is pre installed in ESB) to API manager and use those features. But you can just go ahead with WSO2 ESB as it is.
http://docs.wso2.org/wiki/display/ESB402/Secure+Proxy+Template
in wso2esb, itself contains throttling [1]/analytics[2] support.You can check the documentation on how to enable the throttling for proxies. If you like to use APIManager, define a proxy in another instance(like ESB) and provide that as endpoint when you create an API. But that proxy has to handle REST calls..
But from my understanding, you can simply use wso2esb.
[1]http://docs.wso2.org/wiki/pages/viewpage.action?pageId=15471353
[2]http://docs.wso2.org/wiki/display/ESB451/Statistics
I am trying to use wso2 ESB server as a PEP, I already have wso2 identity server acting as the PDP and an application hosted on wso2 Application server. I have uploaded policies into identity server and I was wondering if there any tutorials out there that both show and explain how to make this happen. I have tried the blog http://wso2.org/library/articles/2011/08/finegrained-authorization-restful-services-xacml but it has not worked. any direction on how to turn esb into a pep would be appreciated
You can use wso2 esb Entitlement mediator. Have a look at following guide which explains how we can add fine grained authorization to proxy services.
http://docs.wso2.org/wiki/display/IS400/Adding+Fine-grained+Authorization+for+Proxy+Services+in+ESB
Myself: New to WSO2, Evaluating multiple ESB products
Here is what I am trying to do with wso2 ESB
Application "A" will send a zipcode (SOAP-WDSL) to WSO2-ESB
WSo2 will use that zip-code and query National WeatherService and obtain
the Lati-Long for zipcode
LatLonListZipCode method at
http://graphical.weather.gov/xml/SOAP_server/ndfdXMLserver.php?wsdl
Return the lat-Lon to Application "A"
Would someone please guide me , like where to start and the components needed so forth?
I am kind of confused by all the terminologies and over complicated product names and hierarchy (carbon, oxygen so forth)
For your requirement what you simply need is to create a Proxy service in WSO2 ESB to invoke this Backend service. (National WeatherService)
If you want to get started with WSO2 ESB I recommend you to 1st go though. WSO2 ESB Sample guide and WSO2 ESB Configuration. Where you can get a head start using that.
For your scenario you can simply follow the below steps to create a simple WSDL Proxy create a working scenario which you can later improve (ex with routing , monitoring etc..)
1) Login to WSO2 ESB.
2) Go to Proxy Service Adding Section
3) Select WSDL Based Proxy as the Template
4) Give a Proxy name , WSDL url , Service name (ndfdXML) , WSDL Port (ndfdXMLPort) and tick Publish Same Service Contract
And create the service.
Now you have exposed the same service though WSO2 ESB. You can go to service list section.Get the Service EPR details and invoke the service using your application.
Below is a nice work done for beginners. Someting similar to your case
http://dakshithar.blogspot.com/2012/07/routing-and-service-chaining-with-wso2.html