Can i restrict access token for calling API based on IP. I find the domains restriction in version 1.3 of API-M but i can not find any guide to do so in the version 2.1. thanks for your response!
This is available in APIM 2.1.0. You can find details in https://docs.wso2.com/display/AM210/Managing+Throttling
Related
We are currently have 2.6.0 wso2 api manager and we hace a requirements to add multi factor authentication for our wso2 api manager.I have got the steps to add multi factor authentication for wso2 identity server from the official documentstion(given link below).Can u clarify if the steps are same for both identity server and api manager. Can u also clarify whether we can implement this steps in 2.6.0 version wso2 api manager.
I have referred the below link for enabling MFA
https://is.docs.wso2.com/en/latest/learn/configuring-sms-otp/
As out-of-the-box, the WSO2 API Manager doesn't support full-fledged Identity capabilities. Therefore, if you want to secure your Portals with MFA, it is recommended to configure an Identity Server as Key Manager with WSO2 API Manager.
Follow this documentation to configure WSO2 Identity Server as Key Manager with WSO2 API Manager v2.6.0.
I want to use keycloak as keymanager with wso2 apim 4.0 . I did configure keycloak as key manager using manual steps mentioned in below doc.
[https://apim.docs.wso2.com/en/latest/administer/key-managers/configure-keycloak-connector/][1]
I successfully tested this integration of APIM and Keycloak. But now I want to automate this process. I am looking for a REST API of admin portal in APIM which will provide the functionality of adding keycloak as keymanager. I referred to the below link
[https://apim.docs.wso2.com/en/latest/reference/product-apis/admin-apis/admin-v2/admin-v2/#tag/Roles][1]
But I could not find any API here which will allow me to add keycloak as keymanager. Please help me to find this API
Here is the key manager rest API - https://apim.docs.wso2.com/en/latest/reference/product-apis/admin-apis/admin-v2/admin-v2/#tag/Key-Manager-(Collection)/paths/~1key-managers/post
I am trying to follow https://medium.com/#shagihan/configure-auth0-as-external-oauth-provider-for-wso2-apim-3-1-0-4368aa2448e3 with APIM 3.2.0 and just noticed that the above config has no effect on APIM 3.2.0. Even if I set apim.jwt_authenitcation.subscription_validation_via_km to false I am still getting a subscription validation error as below,
{"fault":{"code":900908,"message":"Resource forbidden ","description":"User is NOT authorized to access the Resource. API Subscription validation failed."}}
So just wanted to confirm whether this has been removed from APIM 3.2.0. Thanks in advance!
Yes, this property is now removed from APIM v3.2.0.
In APIM v3.2.0, we support Auth0 by default and using the admin portal you can configure the Auth0 as the key manager.Please check https://apim.docs.wso2.com/en/latest/administer/key-managers/configure-auth0-connector/#configure-auth0-as-a-key-manager
In APIM v3.2.0 API subscription validation has become mandatory. API subscription details will come to the API gateway via the traffic manager. By going forward, JWT tokens will not contain any API subscription details or any WSO2 specific information.
Good day
I have created my ESB project using the enterprise integration studio provided by wso2 and have also downloaded the API manager separately. Meanwhile when I start WSO2 API manager, API Publisher and developer dashboard open.
I just want to create WSO2 API Gateway. How can I achieve this also I want gateway should be access based.
Please assist me how can I proceed for the gateway implementation.
I only want the WSO2 API gateway.
WSO2 APIM is consist of 5 profiles as Gateway, Traffic Manager, Publisher, Store(Devportal in APIM 3.x series) and KM profiles. You can start an APIM with the default profile (if you started as sh wso2server.sh) and you can work with each profile. But if you want to start APIM as Gateway profile, then you need to start the server with "-Dprofile" mode as follows.
sh wso2server.sh -Dprofile=gateway-worker
You can read this document https://docs.wso2.com/display/AM260/Product+Profiles to aware of the profile of wso2 APIM.
And WSO2 has Micro GW product too, you can find more details about that MGW here https://docs.wso2.com/display/AM260/Working+with+the+API+Microgateway. You can download the form here https://wso2.com/api-management/api-microgateway/ and test.
Evaluating Wso2 API Manager. I have dozens of various APIs that have been developed by several groups over the past few years, all authenticate with IIS windows authentication.
How can I configure Wso2 API Manager to call a backend OData API that is expecting Windows Authentication in the request?
I don't actually need to pass-through authentication from the calling user, I'd be okay specifying a dedicated service account that API Manager always used to call the backend services.
API Manager supports NTLM authentication. You can follow the sample in APIM_HOME/samples/NTLMGrantClient. This documentation explains this. Also please follow this blog.
The Endpoint Auth Type "Windows Authentification" is not supported by API Manager. You might want to consider activating "Basic" or "Digest" authentification on your service in IIS (both of them are supported by API Manager).
see: https://docs.wso2.com/display/AM1100/Basic+Auth