I am using WSO2 API Gateway to service API calls. The backend requires custom user attributes (username, e-mail, etc.) to be sent as part of the query string in the URL. The values for the query string pairs will be provided in the SAML2 token embedded in the API call.
How can a mediator access these custom SAML2 attributes?
You can create a custom mediator or custom handler to parse the SAML token and set it to a header or something. See Writing Custom Handlers for a sample handler which reads a header.
How can I configure WSO2 API Manager to handle multiple Authentication API Keys in the Store's API Console? I would like it to show fields: Authentication and clientId, for example. But it only shows the field for Authentication despite my having built my swagger file with both headers in it.
I do handle these Auth headers in my application backend. And I am testing my swagger file in the swagger-editor and it works fine (Swagger Editor asking for two API Key headers).
Swagger can handle a lot itself; it's only a definition file. It doesn't mean a (any) product must support all options.
WSO2AM reads only the authorization header (Authorization by default, can be changed). The header is cleared before sending to the backend.
If you want to be able to send a custom header to the backend from the API Store, you can define a header parameter (not as an API key).
WSO2AM can be configured to send a JWT token to the backend with client information; that's how the backend can get and validate the identity information.
I have a requirement that I need to validate a 3rd party Authorization Server access token in WSO2 API Manager. If the token is active and valid, then allow the resource.
IMHO, as the simplest solution you could build a custom inbound mediation flow for that (if you are familiar with WSO2 ESB mediations). For this option you will lose some APIM capabilities (throttling, authorization, analytics).
You should be aware that the default authorization handler would clear the Authorization header (as far as I know), so you may need to add a custom handler to preserve the original header value.
I need to pass the Authorization header from API Manager (WSO2) to my Service Bus application (Oracle).
I saw in another post that I can't do that, because the API will validate the token against the Key Manager and drop that token before calling the back end. (How to pass authorization header in WSO2 OAuth2 and its backend API server Oauth2?)
Is there any alternative to pass the token from API Manager to my service bus application?
Are there some additional settings for that?
In conf/api-manager.xml, change the value of "RemoveOAuthHeadersFromOutMessage" to false. The Authorization header will not be removed and you can access it in your sequence; then you can set it to the request header to your backend. Not sure whether this is what you want or not.
One option would be to send the same OAuth token in another custom header and then, by adding a custom mediation sequence in the API Manager, set that custom header to the Authorization header and then send it to the backend server.
https://docs.wso2.com/display/AM1100/Pass+a+Custom+Authorization+Token+to+the+Backend.
WSO2 APIM by default supports OAuth2 for securing APIs. If I want to secure my APIs with other standard mechanisms such as BASIC or a custom authorization mechanism (e.g. based on XML body element values of the request), what is the approach I should follow?
The documentation talks about writing a custom handler (link). I guess this handler is invoked at the transport level, which will apply to all the API requests over that transport?
Does APIM support adding other security mechanisms (e.g. Basic) for each API when an API is added by the publisher? And if so, does that happen inside the ESB proxy service sequence or before it hits the proxy service?
The API Manager UI supports only OAuth-based security; you can modify the synapse configuration of the API to support Basic auth to validate based on the HTTP header. Custom authentication can be supported through a handler. A reference to the handler has to be included in each API that you want to secure using the custom logic. This can be done by modifying the synapse config of the API.
You need to write a custom authentication handler and set it as a handler configuration for that specific API.
How to send a POST request in WSO2 API Manager? What would be the content type, parameters, etc.?
I am publishing REST APIs in WSO2 API Manager. I would like to intercept with my own API input field validations for each API, like input parameter format and value, etc. If validation succeeds then API Manager should allow the request to invoke the back-end; else reject the request with an error message.
You can create a custom handler or custom sequence and deploy it for that API. You can implement the validation logic inside that.
See the following product documentation:
https://docs.wso2.com/display/AM1100/Writing+Custom+Handlers
https://docs.wso2.com/display/AM1100/Adding+Mediation+Extensions
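As an added example (not from the answers above or from WSO2's own samples), a Synapse REST handler of the kind these answers point to: it reads one transport header, checks its format before the request reaches the backend, and rejects the call with a 400 otherwise, which is the same shape a handler reading a SAML-derived header or a preserved Authorization header would take. The class name `HeaderValidationHandler`, the header name and the allow-list regex are assumptions; the Synapse/Axis2 APIs used (`AbstractHandler`, `Axis2MessageContext`, `TRANSPORT_HEADERS`, `Axis2Sender.sendBack`) are the ones WSO2 handlers normally build on.

```java
// Hypothetical custom handler (added example, not WSO2 sample code).
// Referenced from the API's synapse configuration with:
//   <handler class="com.example.apim.HeaderValidationHandler">
//     <property name="headerName" value="X-Request-Id"/>
//   </handler>
package com.example.apim;

import java.util.Map;
import java.util.regex.Pattern;

import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.rest.AbstractHandler;

public class HeaderValidationHandler extends AbstractHandler {

    // Injected from the <property name="headerName"> element (assumed header name).
    private String headerName = "X-Request-Id";
    // Allow-list: only a constrained character set and length is accepted.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    public void setHeaderName(String headerName) {
        this.headerName = headerName;
    }

    @Override
    @SuppressWarnings("unchecked")
    public boolean handleRequest(MessageContext synCtx) {
        org.apache.axis2.context.MessageContext axis2Ctx =
                ((Axis2MessageContext) synCtx).getAxis2MessageContext();
        Map<String, String> headers = (Map<String, String>) axis2Ctx.getProperty(
                org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
        String value = headers == null ? null : headers.get(headerName);

        if (value == null || !ALLOWED.matcher(value).matches()) {
            // Reject: turn the message into a 400 response and stop the handler chain
            // (returning false prevents the API's in-sequence and backend call).
            axis2Ctx.setProperty("HTTP_SC", 400);
            synCtx.setResponse(true);
            synCtx.setProperty("RESPONSE", "true");
            synCtx.setTo(null);
            Axis2Sender.sendBack(synCtx);
            return false;
        }
        // Expose the validated value to later mediators in the in-sequence.
        synCtx.setProperty("validated.request.id", value);
        return true;
    }

    @Override
    public boolean handleResponse(MessageContext synCtx) {
        return true;
    }
}
```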