How to sign SOAP request in Apigee - web-services

Does anyone know how to sign a SOAP envelope with an X.509 certificate in Apigee? I need to add a new web service to an Apigee proxy. However, this service is secured by SSL. I tried with http://apigee.com/docs/api-services/content/client-ssl-backend-servers, however it doesn't work for me. I've added the certificate to Apigee, and I can see it in Apigee:
myCertKeystore
{
  "certs" : [ "myCert.crt.pem" ],
  "keys" : [ "myCert" ],
  "name" : "myCertKeystore"
}
I've also assigned this certificate to my TargetEndpoint:
<HTTPTargetConnection>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>myCertKeystore</KeyStore>
    <KeyAlias>myCert</KeyAlias>
  </SSLInfo>
  <URL>https://mywebsercive.url/xxx</URL>
</HTTPTargetConnection>
But it doesn't work. Is there any way to force Apigee to sign a SOAP request?
Any help would be appreciated.
Regards,
Tom

There is no out-of-box way to sign soap requests. Need to use javacallouts or scripting to do so. The use of keystore is to validate target backend server SSL. This is entirely a different thing and not related to soap request signing. Hope this helps.
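
The distinction drawn in the answer, as an added example that is not part of the original thread and not Apigee's own code: the `SSLInfo` block configures the TLS connection to the target, while a SOAP signature is an XML Signature placed in the message's `wsse:Security` header. The sketch uses only the JDK's `javax.xml.crypto.dsig` API (Java 11+) to sign the `soap:Body` and re-validate it; the envelope, the `urn:example` payload, the class name `SoapBodySigner` and the throwaway RSA key are assumptions, and a real callout would load the key from a keystore and add a `KeyInfo` identifying the X.509 certificate.

```java
import java.io.StringReader;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SoapBodySigner {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Constructed sample envelope; the urn:example payload is a placeholder.
    static final String ENVELOPE =
        "<soap:Envelope xmlns:soap='" + SOAP + "' xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
      + "<soap:Header><wsse:Security/></soap:Header>"
      + "<soap:Body wsu:Id='Body-1'><m:Ping xmlns:m='urn:example'>hello</m:Ping></soap:Body>"
      + "</soap:Envelope>";
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // XML Signature requires a namespace-aware DOM
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(ENVELOPE)));
        Node security = doc.getElementsByTagNameNS(WSSE, "Security").item(0);
        Element body = (Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0);
        // Assumption: throwaway key pair generated in memory for the demonstration.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#Body-1", f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        DOMSignContext sc = new DOMSignContext(kp.getPrivate(), security);
        sc.setIdAttributeNS(body, WSU, "Id");   // register wsu:Id so "#Body-1" resolves
        f.newXMLSignature(si, null).sign(sc);   // ds:Signature is appended inside wsse:Security
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        // Re-validate with the original body text, then with altered text.
        for (String text : new String[] {"hello", "tampered"}) {
            body.getFirstChild().setTextContent(text);
            DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sig);
            vc.setIdAttributeNS(body, WSU, "Id");
            System.out.println(text + " -> valid=" + f.unmarshalXMLSignature(vc).validate(vc));
        }
    }
}
```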

Related

How to do kerberos / spnego support in a restful service ?

I have a client written in C; it uses libcurl to send JSON to a RESTful API service (call it the server). The server is written in Java, and the RESTful API is implemented with Jersey, one of the JAX-RS implementations (it's very simple and could switch to another JAX-RS implementation). Now I want to do some security work between the C client and the Java RESTful API server. From searching the Internet, it seems I should use Kerberos or SPNEGO for the HTTP access. I ran into some problems.
I want to use Kerberos/SPNEGO authentication. But I looked through the security part of the Jersey docs (https://jersey.java.net/documentation/latest/security.html) and I didn't find any Kerberos-related documentation. Do you know whether Jersey supports Kerberos?
If I switch to Apache CXF, is it easy to switch? I checked the docs about CXF Kerberos support. They look too simple; do you have any detailed docs or a simple example of Kerberos authentication with Apache CXF?
If there is anything wrong, please correct me. Thanks.
This is achievable with Jersey. Jersey Client uses CloseableHttpClient in its implementation.
If you want to use the SPNEGO authentication scheme for Kerberos, you may have to write a custom Connector and ConnectorProvider [I haven't found a way to set AuthenticationScheme with ApacheConnector].
Check this post too for reference, in case it solves your use case: Can JCIFS be used with Jersey? :)

WSO2 ESB how to securize a proxy by default when deploy

I have a lot of proxies in WSO2 ESB that I have to secure. I need them to be secured using Username Token when deployed, instead of browsing to the dashboard and enabling it one by one.
Any help?
I guess currently you need to use the management console to do it. From the UI, it is calling a backend web service. You can automate the process by automating this backend web service. This web service is exposed by the following component [1]. You can use SoapUI or some client program to automate this web service.
[1] http://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/security/org.wso2.carbon.security.mgt/
I had a similar requirement; here is how I solved it:
Apply Role security to WSO2 ESB Proxy using Java API
Also you can find the test case here on how to use the methods:
http://svn.wso2.org/repos/wso2/tags/carbon/3.2.3/products/bps/2.1.1/modules/integration/org.wso2.bps.management.test/src/test/java/org/wso2/bps/management/SecurityTest.java
Well, here is how the code snippet goes to secure any proxy service with the default security scenarios of WSO2 ESB. In WSO2 ESB, "scenario1" signifies UsernameToken-based security. Now if you wish to secure your proxy with scenario1, follow the code snippet below:
// `stub` and `_logger` are fields of the enclosing client class.
public void applySecurityOnService(String serviceName, String policyId,
        String[] userGroups, String[] trustedKeyStoreArray,
        String privateStore)
        throws SecurityAdminServiceSecurityConfigExceptionException,
        RemoteException {
    ApplySecurity applySecurity;
    applySecurity = new ApplySecurity();
    applySecurity.setServiceName(serviceName);
    // scenario1, i.e. for UsernameToken security, policyId should be "1"
    applySecurity.setPolicyId("scenario" + policyId);
    applySecurity.setTrustedStores(trustedKeyStoreArray);
    applySecurity.setPrivateStore(privateStore);
    applySecurity.setUserGroupNames(userGroups);
    stub.applySecurity(applySecurity);
    _logger.info("Security Applied Successfully");
}
Here is how you may call this method from your client class:
applySecurityOnService("MyProxy", "1", new String[]{"TestRole"}, new String[]{"wso2carbon.jks"}, "wso2carbon.jks");

Proxy for an HTTP request WSO2 ESB

I wonder if it is possible to send an HTTP request through WSO2 ESB. I have an integration with a system that consists only of invoking a URL... it would be like a kind of redirection.
Can I do that in WSO2 ESB?
Regards
I have found this link about RESTful services in WSO2 ESB:
http://wso2.org/library/articles/2012/10/implementing-restful-services-wso2-esb
I think this is a better way to handle HTTP requests and responses in WSO2 ESB than the way they are treated in the links you provide. What do you think about that?
The links below will help you find a solution to your question.
http://wso2.org/library/knowledge-base/2011/03/handling-httpget-request-invoking-external-web-service-wso2-esb
http://docs.wso2.org/wiki/display/ESB451/Handling+HTTP-get+Requests+from+WSO2+ESB+and+Calling+an+External+Web+Service

Is it possible to use SoapUI for testing services secured with SPNego?

I have a web service secured with SPNego (the HTTP challenge returns WWW-Authenticate: Negotiate). This security mode is also referred to as Windows integrated authentication. Is it possible to use SoapUI to test this service? It looks like SoapUI (4.0.0) ends communication once it gets the 401 HTTP challenge response instead of following the negotiation algorithm.
Please see the answer to the same question here:
Testing web service with SoapUI and Windows authentication
A working solution is to use a proxy to add Windows authentication headers to your requests.

What is X.509 and how does one use it?

What is X.509?
How does one use it in REST web service for authentication?
X.509
As stated above in the comments, your question is too broad.
I assume that you mean authentication using SSL with Client Authentication. But maybe you mean something else...
Anyway, basically you need to configure SSL with Client Authentication.
Most servlet containers (like Tomcat) or Web Servers (like Apache) can do it for you.
Here's guide how to configure SSL in Tomcat. Pay attention that clientAuth should be true,