APIM custom profiles - wso2

We'd like to create a custom APIM profile that only installs/enables the Publisher, Key Manager and Traffic Manager on a single JVM. The gateway (manager and worker nodes) and Store will be running on separate JVMs.
How can I create a new profile?
And also, the docs state that the profiles only enable/disable the OSGi bundles belonging to a profile, but that the web applications are still available (and I guess the web services too, since they are packaged as .war archives). Can I remove the unused web apps on the different profiles? E.g. remove the gateway and publisher web apps on the store instance. Is this documented somewhere?
Thanks,
Danny

We'd like to create a custom APIM profile that only installs/enables
the Publisher, Key Manager and Traffic Manager on a single JVM. The
gateway (manager and worker nodes) and Store will be running on
separate JVMs. How can I create a new profile?
Running multiple profiles in one server isn't supported.
Can I remove the unused web apps on the different profiles?
Yes, you can remove the WARs specific to other profiles.

Related

Multiple tenant in wso2is

Is tenant functionality useful for a SaaS web application? In the WSO2 docs, tenants are useful for multiple departments, but in my case I have multiple clients with their own users.
How can I share my SaaS application between multiple tenants, if these tenants are isolated?
What’s the best way to use the WSO2 capabilities for SaaS apps, using roles and access attributes (ABAC)?
You can use the tenant functionality for your requirement. You can configure a service provider as the SaaS application, then that application can be accessed by all other tenant members.
By default, the SaaS Application check box is disabled, which means the web application is not shared among tenants, so only users in the current tenant (the one you use to define the service provider) will be allowed to log into the web application. Alternatively, if you enable the SaaS Application check box, that means this web application is shared among tenants, so users from any tenant will be allowed to log into the web application.
You can refer here for more info
What’s the best way to use the WSO2 capabilities for SaaS apps, using roles and access attributes (ABAC)?
If you meant to configure the authentication mechanism for the SaaS apps using roles and access attributes, you can use the Adaptive Authentication feature. This feature will allow you to control the authentication/authorization flow using simple JavaScript.
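A sketch of the kind of role-based step-up script the Adaptive Authentication answer refers to, added here as an example and not taken from the original answer or from WSO2's own templates. The role names, the home tenant, the step-up policy, and the offline stand-ins for `executeStep` and `hasAnyOfTheRoles` are assumptions; only the first part would go into the service provider's script editor.

```javascript
// --- Part 1: the adaptive authentication script itself ---
// Assumed policy for a SaaS-enabled service provider: everyone completes
// step 1; users with a privileged role, or users who log in from a tenant
// other than the one that owns the service provider, also complete step 2.
var privilegedRoles = ['admin', 'publisher'];   // assumed role names
var homeTenant = 'carbon.super';                // assumed owning tenant

var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            var user = context.currentKnownSubject;
            var foreignTenant = user.tenantDomain !== homeTenant;
            if (foreignTenant || hasAnyOfTheRoles(user, privilegedRoles)) {
                executeStep(2);   // e.g. a second factor configured as step 2
            }
        }
    });
};

// --- Part 2: offline stand-ins for what the server runtime provides ---
// These only mimic the call shapes so the flow can be exercised locally.
var executedSteps = [];
var currentUser = null;

function executeStep(stepId, callbacks) {
    executedSteps.push(stepId);
    if (callbacks && callbacks.onSuccess) {
        callbacks.onSuccess({ currentKnownSubject: currentUser });
    }
}

function hasAnyOfTheRoles(user, roles) {
    return roles.some(function (role) {
        return user.roles.indexOf(role) !== -1;
    });
}

// Runs one login for a constructed user and returns the steps that were executed.
function simulateLogin(user) {
    executedSteps = [];
    currentUser = user;
    onLoginRequest({});
    return executedSteps.slice();
}
```
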

WSO2 carbon app deployment for multiple tenants

I am trying to develop a data integration service which will be used in multi-tenant mode. We are exploring different solutions available, and WSO2 is one of them. I am using WSO2 EI 6.1.1 (Carbon).
I have created two tenants from superuser's management console, and deployed the *.car file from each tenant's login.
My understanding of multi-tenancy was that a single deployment is done, and multiple tenants/users of the system access the same deployed service without interfering with each other or getting blocked.
But here, I have to deploy the same carbon application for each tenant (twice in my case) from management console. How is it multi-tenant then?
I think you didn't clearly understand what a tenant is. Consider a tenant as a separate organization. For example, if you take Alphabet, you have Google, YouTube, Maps, etc. Those are your tenants. So each tenant can have their own set of apps.
If you want all the tenant users to access a particular app I think you can mark that as a SaaS app. That way any user from any tenant can access that particular app.
Hope that gives you a clear idea.
You can refer to https://docs.wso2.com/display/AM200/Multi-tenant+Architecture for more details about the tenancy concept in WSO2.

Enable User Access Management in Amazon AWS for Webapp based on Spring Security

We have an enterprise web application implemented based on Spring-Security for authentication/authorization. This application is currently deployed on-premises on client side and usually we connect it to existing AD/LDAP systems.
Now we'd like to set up this web application within Amazon AWS for demo purposes. Therefore we need a kind of user access frontend, where users can register and, as soon as an admin has approved this, the user should have access to the webapp UI. In addition, a simple analytics layer is needed, to see some information about the user access.
It is important to have this "frontend" (could be a simple website based on a CMS like WordPress) just to explain the demo, to have the user registration functionality and the analytics layer. We explicitly don't want to include this in the existing web application, so it must be decoupled from each other.
What could be the right approach to set up such an environment? I just need the right direction to dig into the topics.
After a first research, we see that Amazon Cognito could be the right backend service for user data management. But we don't see "an easy way" to enable a simple frontend as described above (e.g. I didn't find a WordPress plugin to connect WordPress user data management with Apache Cognito). Also on the backend side I haven't found useful information on how to integrate Apache Cognito with Spring Security.
If you are looking for a simple frontend we launched a new feature which gives you basic signup/login pages for your user pool.

WSO2 API Manager endpoints and cloud

I have several questions about WSO2 API Manager that I am not able to figure out reading the documentation:
Is it possible to set up a "default" basepath for all APIs? For example, if I have to switch my endpoints from localhost:8080/rest/myapi to 12.43.56.89:8080/rest/myapi, is it possible to do it without editing every single API's endpoint?
Is it possible to create a role which allows access only to the sandbox endpoint but not to the production endpoint? The only way to do this, as far as I know, is to manually block the access to production once the user has subscribed to the API. My idea is to allow all users to access the sandbox but enable only trusted users to access the production APIs once their applications have been validated.
Is it possible to distribute several instances of the AM Gateway? According to the documentation, it seems that it is only possible to run gateway, store, and publisher+keymanager on different servers but not to run multiple instances of the gateway in parallel.
Thank you!
1) You can use a variable for the endpoint base path like this.
http://{uri.var.host}:{uri.var.port}/apis/weather
These variables can be taken from system variables. See this for how to do it.
2) You can use Key Generation (i.e. OAuth App Registration) Workflows for this. This will send an approval request to the admin user. If you want to automate it to approve based on user roles or something, you can customize workflows.
3) You can have multiple gateways.

How to configure multi tenancy in WSO2 API manager 1.4?

I've seen that the WSO2 API Manager version 1.4.0 offers the multi-tenant capability, but apart from creating a new tenant in the Carbon dashboard, how can I have different store and publisher applications for the different tenants?
My expectation is that I can have two different looks for the two tenants (even just applying a different theme to the Jaggery application), but I'm lost as to where I have to configure the existence of the tenant and how I can operate as admin#tenant1 or admin#tenant2 to publish and consume the API in the store.
Thanks
Different theme support is not available. But when you publish an API as a tenant, it will be available in that particular tenant store.
If you create a tenant, it will be a tenant admin. And for that tenant, you can create tenant users with different permissions. (That is, log in as the tenant from the management console and create users/roles, etc.)
I think you can't change the look and feel for each tenant. In multitenancy you can create multiple tenants and each tenant can publish their APIs, so that will affect and be available to only that tenant.
You can log into publisher and store using tenant username and tenant password.