How can I make WSO2 polled by another instance of WSO2? - wso2

I need to plug a wso2 gateway on another wso2 gateway (through a proxy, but that's not the pb). How can I make the 1st wso2 be authenticated on the 2nd one with an API_KEY?
Actually the 2nd one is on Prototype mode to be accessed.
Perhaps someone has the solution?
Thanks!
Bruno

You can provide a custom header to the second API Manager, which acts as prototype.
Here is the summary of the flow:
Client (headers: Authorization, custom) -> Gateway (drop: Authorization, convert: custom->Authorization) -> Backend
More information can be found here
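
The header swap in the flow above, written as a Synapse mediation sequence. This is an added example, not part of the original answer or of WSO2's own code; the header name `Custom` and the sequence name `CustomToAuthorization` are assumptions. It also covers the case where the client sends no custom header, so the first gateway's token is never forwarded to the second one.

```xml
<!-- Added example: header name "Custom" and the sequence name are assumptions -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="CustomToAuthorization">
    <!-- Only swap when the client actually supplied a non-empty custom header -->
    <filter source="get-property('transport', 'Custom')" regex=".+">
        <then>
            <!-- Overwrite the client's Authorization (the first gateway's token)
                 with the credential intended for the second gateway -->
            <property name="Authorization"
                      expression="get-property('transport', 'Custom')"
                      scope="transport"/>
        </then>
        <else>
            <!-- No custom header: forward no Authorization at all rather than
                 leaking the first gateway's token downstream -->
            <property name="Authorization" scope="transport" action="remove"/>
        </else>
    </filter>
    <!-- The custom header has served its purpose; do not pass it on -->
    <property name="Custom" scope="transport" action="remove"/>
</sequence>
```

The sequence is meant to run in the request (in) flow of the API on the first gateway, before the message is sent to the second gateway.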

Related

"intercept" login & registration events in WSO2 Identity Server

Is there a way to "intercept" login or registration event in WSO2 Identity Server?
I know that wso2is architecture is quite complex, also there are some extension points, but I didn't find any information regarding how to intercept those events.
I'd like to replicate something available in Gigya that allows to configure an API endpoint to call when one of those events happens (passing some information regarding the user).
Thanks
You can write a userstore listener to get this done. More details are available on wso2 official documentation.
https://docs.wso2.com/display/IS530/User+Store+Listeners

wso2 apim SOAP endpoint with username and password

I have wso2 apim 2.1 and I have a request to connect to a SOAP endpoint which is secured with username and password.
During the add procedure of the SOAP endpoint I don't have the possibility to enter such credentials nor the possibility to use mediation (e.g. like for REST API), as I get not authorized before entering the next phase. Is there a way to do this without using ESB?
How to connect to a secured SOAP backend using just apim?
Or do I have to use ESB and follow a similar way as LINK?
Thank you for any advice
We were not able to parse the backend WSDL for some reason and we have done a workaround by downloading the WSDL and manually pushing it to the registry; after that we were able to follow the next steps.

WSO2 Identity Server Authorization Service

I am new to WSO2 Identity Server (4.6). I have a use case where I have a REST service on ESB (WSO2 ESB 4.9), and I would like to give resource-level access to various users.
I thought of using WSO2 identity server for authorizing the user and using the token for accessing the rest service. I was going through the playground example, but that is not something I would like to do, where the Authorize service opens the Identity Server Authorization Service. It seems to be sequential, and assumes that the user/resource owner are the same.
I would like to do all that programmatically, and just give the authorization code to the user, and let him call the token service to get the token. Is this possible?
Thank you
You can use the https://localhost:8243/token endpoint for your use case. You can refer to the links below for more information.
https://docs.wso2.com/display/IS500/OAuth+Token+Revocation+with+WSO2+Identity+Server
https://docs.wso2.com/display/AM190/Token+API

Does WSO2 API Manager prevent XSS and CSRF security errors

I'm researching WSO2 API Manager and I discovered that if I use WSO2 API Publisher and API Store, I would meet XSS and CSRF security errors. With XSS, I see that WSO2 didn't encode HTML character input. With CSRF, I see that WSO2 didn't create a token when I request from client to server and vice versa.
Does anyone know how to configure WSO2 to prevent these security errors, or how to fix them?
Thanks in advance.
On our side, there are a few things we do when publishing/consuming APIs via the API Publisher and API Store:
Set the Transports property to just HTTPS so that we can limit API availability to just HTTPS.
For each HTTP method, we set the Auth Type to either Application, Application User or both, but never none. This will force the client to utilize the WSO2 Access Token scheme to invoke the APIs hosted on the API Store.
On the client side, we have been invoking the Token API to generate and renew user and application access token so that we don't have to manually re-generate keys in the API Store.
Utilize API in-sequence to escape special characters.
We fix these types of security issues in our next release, AM V 1.7.1. You can expect it in the 3rd week of September.

Wso2 API MANAGER WSDL security

I have downloaded the new version of API Manager 1.0.0 GA.
I am confused about publishing the WSDLs, since that has not a related API KEY, everyone can access it.
For that reason I have tried to add access token from ESB, but that will not authenticate the API Manager's Users (like Apisubscriber) only the users inside the ESB (even if I have configured an external JDBC db for both APIManager and ESB user-mgt.xml).
So, is there a way to create an API key for WSDLs as well from the API Manager? Or how do I control the access to the published WSDLs in the API store?
Many thanks
EDIT:
From the ESB I have added security to the service by using the built-in security scenarios, in my case I have used "UsernameToken". This authenticates users based on roles defined in the ESB "admin/everyone..." and only accepts users defined in the ESB's user store "admin/admin" (and others you might have created).
I have ESB and AM configured to share the same MySQL DB for user store, but that does not work in my Security Scenario described before: if I create a user "apicreator" inside AP and I create "usertest" inside ESB, they store the users inside the same MySQL db, but under different "tenant", i.e. "apicreator" is not a valid user to authenticate in my Security Scenario (UsernameToken). I hope this description helps to clarify the problem. Thanks
With WSO2 API Manager, you couldn't control the access to a published WSDL in API Store. Currently there's no way of creating an API key for WSDLs as well from the API Manager. But that controlling has to be done through your back-end service. However, when creating an API from WSO2 API Manager, giving the WSDL URL as an input is not a required field, but an optional field.
Apart from that I'm not clear about your following phrase: "For that reason I have tried to add access token from ESB, but that will not authenticate the API Manager's Users (like Apisubscriber) only the users inside the ESB". Can you explain a bit more what you mean by "add access token from ESB"?
Thanks;
/Lalaji