I'm creating an entry in API Manager for one of our webservice endpoints which doesn't use the default HTTPS port of 443; it's bound to port 444 at the moment.
I'm configuring this API entry in WSO2 AM to be accessible via HTTPS only but I can't get it to work. I've entered https://:444/ as the HTTP Endpoint value when creating the API record.
Has anybody successfully set up a similar scenario? Thanks
Related
I am trying to understand how the WSO2 micro integrator reroutes requests internally. I know that inbound endpoints basically enable services to be available on a different port. So, does it maintain a list of resources that are mapped to this inbound endpoint and simply act as a passthrough? For example:
I have API resource defined at: http://localhost:8290/healthcare/querydoctor/{category}.
Then create inbound endpoint at port 8505 with Dispatch File Pattern: /healthcare/querydoctor/.*.
At this point does it internally create a map that says http://localhost:8285/healthcare/querydoctor/.* = [http://localhost:8290/healthcare/querydoctor/{category}, ...]
Also, I saw this in the wso2 documentation:
The HTTP inbound endpoint can bypass the inbound side axis2 layer and directly inject messages to a given sequence or API. For proxy services, messages are routed through the axis2 transport layer in a manner similar to normal transports.
What does bypassing the axis2 layer mean, and why is that being done in this case?
Basically, Axis2 is the default transport layer of MI. For example, if you invoke an API through port 8280 it will go through the Axis2 layer and come into the integration layer. If you invoke an HTTP/S Inbound Endpoint it will not go through the transport layer again, it will be routed internally to the Proxy or API if you have a Dispatch Pattern.
The following image will help you to understand the Inbound Endpoint architecture.
Having WSO2AM 2.1.0 in a distributed setup (KM, GW, TM deployed and scaled separately), we'd like to enable SAML SSO for application users with an external SAML IdP.
Main question is - what is the SAML ACS url for the APIM as SP in this setup?
By default (it's working) the ACS URL is https://host:9443/commonauth , however as far as I understood the client should have access only to the Gateway services (port 8243). On port 8243 all the OAuth services are exposed too.
So - do we need to expose a route / ports to 9443 (gateway to key manager)?
Thank you for any insight
The question is a bit unclear. We can set up SSO for publisher and store applications only. There is no connection with the gateway when configuring this. See https://docs.wso2.com/display/AM2xx/Configuring+Identity+Server+as+IDP+for+SSO . Since the API Publisher or store acts as the SP, we set the ACS URL for publisher as https://localhost:9443/publisher/jagg/jaggery_acs.jag and for store as https://localhost:9443/store/jagg/jaggery_acs.jag
The gateway is there to accept the API requests, so only 8243 and 8280 need to be exposed to the public. But the gateway needs to talk to the keymanager (to validate tokens), so there needs to be a connection between gateway and keymanager.
I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is: do I need to do anything about the existence of the original endpoint at "http:endpoint"? This is an in-house web service, so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.
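To check what the leftover plain-HTTP endpoint from the question actually does after either change, a probe like the following can be run from a client machine. It is an added example, not code from the original posts; the URL in the `__main__` section is a hypothetical placeholder, and the function names are chosen here.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def classify_response(status, location):
    """Classify what a plain-HTTP listener did with an unencrypted request."""
    if status in REDIRECTS and (location or "").lower().startswith("https://"):
        return "redirects-to-https"
    # Any other answer (200, 401, 500, a redirect to http://...) means the
    # listener is still speaking cleartext HTTP to clients.
    return "serves-plain-http"

def probe_plain_http(url, timeout=3):
    """Send one GET over cleartext HTTP without following redirects."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("probe expects an http:// URL")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify_response(resp.status, resp.getheader("Location"))
    except http.client.HTTPException:
        return "not-http"   # something answered, but not with HTTP
    except OSError:
        return "closed"     # refused, timed out, or name did not resolve
    finally:
        conn.close()

if __name__ == "__main__":
    # Hypothetical in-house URL; replace with the generated http endpoint.
    print(probe_plain_http("http://ws.internal.example:9080/MyService"))
```

A result of "redirects-to-https" still means the first request, including any credentials or SOAP body a client put in it, crossed the network unencrypted; only "closed" shows the cleartext listener is gone.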
I have put the Identity server behind a reverse proxy with apache changing the default port to default HTTPS (to allow access without our internal network), I have then modified the XML files to remove the {port} from the endpoints, BUT the /commonauth endpoint is still being sent in SAML requests with the port as the assertionURL/return url?
How do I change this? Is it in any configs?
Thanks again
Add proxyPort="443" attribute to the HTTPS connector element at the repository/conf/tomcat/catalina-server.xml
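The effect of that attribute can be checked before restarting the server. The following is an added example, not part of the original answer: it reads Connector elements and shows which URL each one would advertise, assuming the server builds self-referencing URLs such as /commonauth from the connector's reported port. The sample XML is constructed and trimmed, and `is.example.com` is a placeholder host.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the attributes that matter here; a real
# catalina-server.xml Connector carries many more.
SAMPLE_BEFORE = """
<Server>
  <Service name="Catalina">
    <Connector port="9763" scheme="http"/>
    <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"/>
  </Service>
</Server>
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace('port="9443"', 'port="9443" proxyPort="443"')

DEFAULT_PORTS = {"http": 80, "https": 443}

def advertised_url(scheme, host, port, path):
    """Build the URL a client would be sent to, omitting default ports."""
    netloc = host if DEFAULT_PORTS.get(scheme) == port else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"

def audit_connectors(xml_text, public_host, path="/commonauth"):
    """Return one finding per Connector: listen port, advertised URL, and
    whether that URL still carries a non-default (internal) port."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        scheme = conn.get("scheme", "http")
        listen = int(conn.get("port"))
        # Tomcat reports proxyPort (when set) as the request's server port.
        advertised = int(conn.get("proxyPort", listen))
        findings.append({
            "scheme": scheme,
            "listen_port": listen,
            "url": advertised_url(scheme, public_host, advertised, path),
            "advertises_nondefault_port": advertised != DEFAULT_PORTS.get(scheme),
        })
    return findings

if __name__ == "__main__":
    for label, xml_text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for finding in audit_connectors(xml_text, "is.example.com"):
            print(label, finding)
```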
I've read the source code of WSO2 GREG, and found that there is a Tomcat embedded in it, and there are two connectors: http with port 9763 and https with port 9443. But when I type the URL [http://localhost:9763/carbon] in the browser, it redirects to https automatically, and I can't find the related source code for the redirect.
Can anybody help?
thx
The Management Console (UI) of all WSO2 Carbon based products communicates with a backend web service called AdminService. These services are secured, and that's why it can be accessed only through https.
More info - http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html