Set / store cookie on wso2 ESB - cookies

I have an endpoint from a third party that requires us to authenticate.
The response from the authentication endpoint is a session cookie.
I need to fetch the cookie from this authentication endpoint's response, and then call another endpoint (e.g. the search endpoint) with this cookie.
I tried without WSO2 and had no problem with it; the problem occurs only while using WSO2 ESB.
I have successfully requested the authentication endpoint via WSO2 ESB, and the response returns success.
Then I try to call another endpoint (e.g. the search endpoint), and the response is 403 Forbidden (authentication failed), which means the cookie is not sent/set for the search endpoint.
How can I fix this?
I have tried:
1. WSO2 ESB Getting a cookie from transport header with multiple cookies
2. In WSO2 ESB, how to store cookies and use them later for authentication?
Thanks a lot

Have you set the cookie? You haven't provided details of your code.
<property xmlns:ns="http://org.apache.synapse/xsd" name="Cookie" expression="$trp:Set-Cookie"></property>
<property name="Cookie" value="JSESSIONID=1" scope="transport"/>
If the response from the first call is a session cookie, then I would suggest that you write the session to a registry file so that you can fetch the session whenever you want.
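The capture-and-replay flow discussed above, written out as one Synapse sequence. This is an added example, not code from the original posts; the sequence name, the `sessionCookie` property name and both `thirdparty.example` URLs are placeholders, and it assumes the authentication response carries a single `Set-Cookie` header.

```xml
<!-- Added example. Sequence name, property name and URLs are placeholders. -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="AuthThenSearchSeq">

    <!-- 1. Call the authentication endpoint; mediation resumes below
            once its response has arrived. -->
    <call>
        <endpoint>
            <http method="post" uri-template="https://thirdparty.example/authenticate"/>
        </endpoint>
    </call>

    <!-- 2. The response headers are now in transport scope. Keep only the
            name=value pair: attributes such as Path, Secure or HttpOnly
            belong to Set-Cookie and must not be echoed in a Cookie header.
            concat() covers a header value that has no ';' at all. -->
    <property name="sessionCookie" scope="default" type="STRING"
              expression="substring-before(concat($trp:Set-Cookie, ';'), ';')"/>

    <!-- 3. Remove the response header so it is neither sent on to the next
            backend nor returned to the caller of this sequence. -->
    <property name="Set-Cookie" scope="transport" action="remove"/>

    <!-- 4. Attach the session to the outgoing request as a Cookie header. -->
    <property name="Cookie" scope="transport" type="STRING"
              expression="get-property('sessionCookie')"/>

    <!-- 5. Call the protected endpoint with the cookie in place. -->
    <call>
        <endpoint>
            <http method="get" uri-template="https://thirdparty.example/search"/>
        </endpoint>
    </call>

    <respond/>
</sequence>
```

The cookie here lives only for the duration of one mediation flow. If it is written to the registry instead, as the answer suggests, every request through the ESB shares the same backend session, so the stored value should be treated as a credential and kept out of full-level log mediators.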

Related

WSO2 Admin services for .NET web application

I have a Java web application which consumes a WSO2 admin service (ServerAdmin), and this needs to be migrated to ASP.NET technology.
I tried to get a client stub for AuthenticationAdmin (to get the cookie which is needed for subsequent Admin service requests) using the client method login(username, password, server-name), and the method returns "true".
But how can I get the cookie from the response? Or is there any AuthenticationAdmin client method which returns the cookie?
Raw XML response as below :
XML Response message as below :
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><ns:loginResponse xmlns:ns="http://authentication.services.core.carbon.wso2.org"><ns:return>true</ns:return></ns:loginResponse></soapenv:Body></soapenv:Envelope>
The Cookie is presented in the Response Headers. So, you will find the JSESSION Cookie in the Response Headers of the Authentication Admin service call. You can use JSESSION cookie to call the subsequent Admin Services in the WSO2 platform.

How to call/configure a secured API in WSo2 API manager

I need to configure a set of APIs which are secured and use client credentials and password along with client key and secret key.
And how to track the users that are trying to access the API.
I tried by adding proxy mediators.
By default, the API which you will create in WSO2 API Manager will have secure feature.
You can secure the APIs with
oauth which comes inbuilt in the application or
you can integrate the WSO2 Identity Server to be used as Identity Provider for WSO2 APIM.
Below link will show how to create and publish APIs in APIM Manager.
[https://docs.wso2.com/display/AM250/Create+and+Publish+an+API]
Once you are able to invoke the created API, you can check the usage of that API by checking on the Analytics profile for it. You can have it integrated with the API Manager.
Below link is useful to setup Analytics profile for APIM 2.5.0
[https://docs.wso2.com/display/AM250/Configuring+APIM+Analytics/]
Once the Analytics is setup for APIM, you can use the DB to fetch the usage of the APIs.
To solve your query, this is how you should proceed.
You can add a custom sequence in the inflow of the API ( you can do that from API Publisher only by editing it) [https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions]
Sequence Code will be like below:
<sequence xmlns="http://ws.apache.org/ns/synapse" name="custom-sequence_name">
<property xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
xmlns:ns3="http://org.apache.synapse/xsd"
name="accesstoken"
value="put your token here"
scope="transport"
type="STRING"/>
</sequence>
This above one is for token for backend which is static. For dynamic token you can create a sequence accordingly.
This should solve your query :)
For dynamic, go here [How the external authentication handled in WSO2 APIM for an external/Third Party APIs]
If your backend is oauth secured then you can use one of the following methods
Method-1
OAuth mediator which can be used for generating OAuth 2.0 tokens and for calling the backends that are secured with OAuth 2.0 protocol. Refer this.
Method-2
Writing a mediation sequence which generates an access token for the backend and making a connection to the OAuth 2.0 secured backend. Refer this blog.

WSO2 API Gateway changing the service HTTP endpoint at runtime

I used WSO2 Publisher application to create & publish an API with following configs:
Context = a
Version = v1.0
URL Pattern: /b/{bId}/c/{cId}
HTTP Verb: GET
Endpoint Type: HTTP Endpoint
Production Endpoint: http://backendserver:port/services/rest/GetXYZ
In the store I subscribed to the API, generated an application token and invoked the API with following URL:
https://gatewayserver:port/a/v1.0/b/123/c/456
However, when the gateway calls the backend service it somehow automatically changes the endpoint to the following:
http://backendserver:port/services/rest/456
instead of the expected:
http://backendserver:port/services/rest/GetXYZ
I verified the synapse config of the API and it captured the endpoint correctly as defined. What changes that backend endpoint automatically? How can it be avoided?
What version of API Manager are you using? If it is API Manager 1.10, you would get a request to the backend like this for the default HTTP endpoint:
GET /services/rest/GetXYZ/b/123/c/456
The default behavior is appending the resource path to the backend endpoint when request is going out from the api manager
ex: if endpoint is http://test.com/abc and api has a resource defined as /testresource/123 then the request would be http://test.com/abc/testresource/123 to the backend with the default endpoint type (HTTP endpoint)
If you want to call the backend without appending the resource to the request, you can add the following property to the synapse configuration.
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
You can do this by using the mediator extension feature provided in API manager. see
https://docs.wso2.com/display/AM1100/Adding+Mediation+Extensions.
The following is a sample extension file:
<sequence xmlns="http://ws.apache.org/ns/synapse" name="removeresource">
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
</sequence>
Upload this and then import this to the 'IN flow' sequence in the api. see https://docs.wso2.com/display/AM1100/Change+the+Default+Mediation+Flow+of+API+Requests

Unable to publish service with https endpoint in WSO2 API Manager

I'm trying to publish the WSO2 Message Broker services using the WSO2 API Manager.
If I enter the Message Broker URL containing https:// in the Publisher and validate the endpoint, it returns 'Invalid'. I can save the API however. Specifying http:// results in a valid endpoint.
Using SoapUI to test the EventBrokerService gives a valid response (status 202) accessing the Message Broker directly. Via the API Manager I get a soap:Fault:
<soapenv:Fault>
<faultcode xmlns:axis2ns6="http://schemas.xmlsoap.org/soap/envelope/">axis2ns6:Server</faultcode>
<faultstring>Error in Sender</faultstring>
</soapenv:Fault>
Any pointers?
This seems to be a hostname verification failure. So when you publish an API through API Manager you need to set the HostnameVerifier parameter in
<APIM_HOME>/repository/conf/axis2/axis2.xml.
<parameter name="HostnameVerifier">AllowAll</parameter>
Please refer https://docs.wso2.org/display/AM140/Creating+an+API for more information.
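The setting from the answer above shown beside the stricter values the same parameter accepts, as an added example that is not part of the original answer. The placement comment assumes a stock axis2.xml, and the value list is the one given in that file's own comment for this parameter.

```xml
<!-- Added example. These parameters go inside the https transportSender
     element of <APIM_HOME>/repository/conf/axis2/axis2.xml. Only one
     HostnameVerifier parameter should be present at a time. -->

<!-- As in the answer: the name in the backend certificate is never compared
     with the host the gateway connects to, so the TLS connection no longer
     proves which server is on the other end. -->
<parameter name="HostnameVerifier">AllowAll</parameter>

<!-- Hostname checking stays on for every host except localhost, which
     covers products running on the same machine with default certificates. -->
<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>

<!-- Hostname checking stays on for every host. -->
<parameter name="HostnameVerifier">Strict</parameter>
```

With either of the stricter values, the "Error in Sender" fault goes away once the backend presents a certificate whose subject name matches the hostname used in the endpoint URL and that certificate is trusted by the API Manager's truststore.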

How to persist JsessionID in wso2 identity server

Currently we are using WSO2 IS version 4.1.0 and its entitlement service for policy decisions. As the entitlement service is a secured service, we authenticate and get the cookie, then pass the cookie along with the entitlement service requests. We are using the jsessionid cookie and ran into a situation where, if the WSO2 IS goes down, we have to restart our app as it has a stale cookie. We refresh the cookie on a time interval every 15 min. Is there a way in WSO2 IS to persist the cookie if it gets restarted? We tried commenting the inside wso2is-4.1.0\repository\conf\tomcat\carbon\META-INF.
Can you suggest how we can configure persistence of jsessionid cookies in WSO2 IS?
Thanks
Kishore
The user session (jsessionid) is not persisted on the server side. So you can re-authenticate after 15 min and get a new jsessionid. (If you receive an authentication failure, you can re-authenticate.) You need to implement the PEP in such a way.
If you are using basic authentication to authenticate with the entitlement service, you can send both the cookie (jsessionid) and the basic auth header. If the cookie is valid, it would authenticate with the cookie; if not, it uses the basic auth headers and returns the new cookie to the client. You can find some Java code for this here [1]. It is not for the entitlement service, but you can use it.
[1] https://github.com/soasecurity/soasecurity/blob/master/user-mgt/client/remote-user-400/src/main/java/org/soa/security/sample/user/mgt/SampleUserRoleMgtClient.java