How can we implement Message mediation level prioritization in WSO2 API manager. Since WSO2 ESB is embedded in API manager, Can i enable this capability in API manager itself. I understand that it is available in seperate WSO2 ESB. I do not want to have seperate EB layer for it.
Even though it is recommended to seperate out API Management and Mediation layer, you can still run ESB (mediation)activities within the API Manager. If you are familiar with sequences in ESB the same sequences and API's are used to define the API's that are exposed in the API Manager. You can directly access the source of the API's that are created from the management console of the API Manager (http://{IP}:{PORT}/carbon). Here you will find a Service Bus section on the left hand navigation section under which there is a 'sourceview'. From there you can access the API definitions and add the priority mediator[1].
[1] https://docs.wso2.com/display/ESB481/Prioritizing+Messages
Related
In API Manager, I pass APIs in API Manager with respective services, also after reading documentacion of API Manager version 3.0.0 (https://apim.docs.wso2.com/en/latest/GettingStarted/overview/), I know in Publisher there exists a ESB, also in my case I work with this cases I think is part of ESB:
WSO2 OAuth Mediator(JAR).
File JSON by WSO2 OAuth Mediator, with endpoints referents to API's I'm cosuming.
In publisher page I add Custom Policies in request or response.
But existing WSO2 Enterprise Integrator (EI) version 6.6.0, this component have a ESB.
My questions are:
In my case, really I work with ESB?
How to integrate API Manager with EI?
WSO2 API Manager gateway is built on top of Synapse engine which is the same engine used in WSO2 EI (ESB). Using API Manager you can do simple mediation. But if you want to do any complex mediation, then you should use EI (ESB) along with API Manager.
Can someone please clarify when to use API Manager and when to use Identity Server. I see that API Manager comes with Key Manager. Isn't that sufficient. I am really confused. Any help would be helpful.
Many thanks....
I hope this explaination will help you out,
WSO2 Identity Server
WSO2 Identity Server is a fully fledged Identity Management Solution which supports Authentication, Authorization, Single Sign-On and Identity Federation to name a few capabilities. WSO2 Identity Server supports almost all major identity protocols such as SAML, OAuth2, OpenID Connect etc.Take a look at this page to get an idea about the capabilities of WSO2 Identity Server.
WSO2 API Manager
WSO2 API Manager, on the other hand, focuses on managing your APIs. Managing life cycle of your APIs, Authorization, Throttling, applying policies on API consumers are some of the functionalities handled by API manager. API manager has several components such as publisher, store, gateway, key manager, traffic manager that clearly separates different aspects of API Management.
So the Key manager component is responsible for managing OAuth applications, generate, validate and revoke OAuth2 Tokens. API has an inbuilt key manager component to handle these functionalities.
API Manager also offers the flexibility to use an external key manager instead of its inbuilt one should you require to do so. This external key manager needs to confirm to an interface specified by API manager. By default, API has an implementation of this interface that allows WSO2 Identity Server to used an external key manager.
So whether or not you want to use Identity Server or any other external key manager is totally dependent on your use case and the API traffic.
You can use WSO2 Identity Server for all the authentication/authorization stuff:
XACML Architecture solution.
SSO with anothers webapps or WSO2 tools.
Implement a Oauth2 autorization mechanish
Federate authentication
etc....
You can uso WSO2 API Manager for expose unsecure resultful apis or webservices as secure apis using Oauth with monitoring and billings functionallities
The key manager functionallity properly decouples the operations for creating OAuth applications and validating access tokens so that you can even plug in a third party-authorization server for key validations.
In a DEV enviroment you can work with WSO2 API Manager without the WSO2 Identity Server at all.
In a production enviroment it's recommended to use a separate WSO2 API Manager as a Key Manager or use the WSO2 Identity Server as the Key Manager
Many third-party services providers allow you to configure a "Webhook" (aka HTTP POST) to your system when an event occurs in their system. Service providers will use various methods of authentication (HMAC, OAuth, TLS, etc.).
For example, Company1 configures ServiceABC to send notification to http://company1.com/eventlistener when an event occurs in the service provider (eg transaction approved):
ServiceABC.com -> HTTP POST -> http://company1.com/eventlistener
http://company1.com/eventlistener is in the DMZ. It will authenticate the message and forward to back end service as appropriate.
[DMZ] http://company1.com/eventlistener -> | [Behind] http://backendUrl/service
In this example, assume the service provider does not support OAuth. Authentication is performed using a custom header scheme.
Can/Should the WSO2 API Manager be used in this scenario?
If not the API Manager, can the WSO2 ESB be used ?
API Manager is the right solution here. API Manager has 5 main components, gateway, publisher, store, keymanager and traffic manager. In the basic distributed setup these 5 components can run on 5 machines. API Publisher publishes APIs to gateway (real artifact of API are here) and store (virtual representation of API, to which can be subscribed, are here). Gateway exposes your APIs to outside. So it resides in DMZ. API Store also can be on DMZ depending on what you want. Keymanager handles authentication (eg. OAuth2) and should be in MZ. Traffic manager is used for request throttling.
Backend authentication can be done with a simple customization.
You can find clustering documentation here. APIM deployment patterns are here.
Hope this helps.
We are already using mule ESB in our infrastructure. Can API manager of WSO2 use mule ESB as API gateway instead of WSO2 ESB. If YEs, Can somebody please help me with Steps.
I have doubt how to achieve throttling and Rate limiting features of API manager in mule ESB if replaced and how seamless integration is?
This is possible due to the pluggable architecture of WSO2 API Manager, but this is not straight forward. The Gateway component of the API Manager handles Token Validation, Throttling, Caching and Mediation. Of these features Token Validation is configurable out of the box with any external Token Validating component since it uses Web service calls since it has a Web Service interface. The other 3 features will require customization at code level in order to function with Mule ESB. Therefore this is not the most recommended approach.
WSO2 API Manager can be used without an external ESB instance out of the box. So that would be the best way to use it.
I am evaluating the WSO2 API Manager. From a security perspective I have a couple of question on the API Manager capabilities, which I was not able to find through the documentation:
Does WSO2 API Server support security features by detecting/checking the content on incoming messages for attacks, redirection/traffic routing? If yes, how does it support?
Do the GUI portals offered by WSO2 (API Portal, API Publisher, etc) enable protection against cross-site scripting, SQL injection and XML content or structural threats and viruses?
Thanks in advance.
Regards,
Ritwik
Yes, WSO2 API Manager's API Gateway is essentially an ESB and can check the content of incoming requests and detect message attacks. It is also possible to route traffic. You can direct access the API definition from the admin console of the API Manager (or directly from the file system)
Yes both the API Store and Publisher is secured against cross site scripting, SQL injection and XML content threats