I read the post at WSO2 API Manager and XACML Entitlement which says that a configuration file in API Manager can be modified to use an entitlement mediator in "the in sequence".
I know how to edit this configuration through the web interface. But which file contains this configuration?
This configuration doesn't have a element or element (except for the elements in elements). Exactly where should I put the element?
If I create my own entitlement mediator, how do I plug it in or make it available to the API Manager?
Go to APIM distribution,HOME\repository\deployment\server\synapse-configs\default\api folder,where you will see the api configurations, which you create from publisher. Add your mediator there, by editing the configuration and restart the server.
Related
When I was trying "JSON/XML Threat Protection for API Gateway" in WSO2 APIM 3.1.0, by adding a mediation policy. It isn't considering the custom policy that I've written, it's taking the default values which are 100.
Anything more I should be adding, please suggest!
Once a new mediation sequence is implemented, it needs to be upload and select as a mediation sequence in the "Message Mediation" section. Once selected need to republish to apply the changes.
You can confirm this by checking the generated sequences file in the <AM_HOME>/repository/deployment/server/synapse-configs/default/sequences. The file format will be <provider>--<API-Name>_v<Version>--<Direction>.xml
I'm working on a master's degree project which the main goal is wso2 study.
Through wso2 I need to be able to:
Do protocol Bridging (eg: rest to soap);
Apply data transformation (apply xslt on xml);
Content based routing;
Load balancing;
Create authentication and authorization layer to legacy services (authentication via oauth 1.0a);
Exception shielding;
Service monitoring;
Services lifecycle control;
So, my question is: do I need any other wso2 product, or ESB is just fine? For example to implement the security layer and all the load balance stuff do I need to add wso2 identity server and wso2 elastic load balancer?
Or even more: do I need to extend the esb by writing custom code to solve any of this issues? In which cases extend the esb is the only way to go?
I hope to do not be naive trying to solve all this complicated issues, but I'm kinda lost on this big swiss knife that wso2 is.
Thanks
Please find my answer..
Do protocol Bridging (eg: rest to soap ---> ESB
Apply data transformation (apply xslt on xml) ----> ESB
Content based routing ----> ESB
Load balancing ---> ESB can be used. But i prefer Apache HTTP and Nginx. They are more intended for that purpose
Create authentication and authorization layer to legacy services (authentication via oauth 1.0a) --> ESB can be used. But you need an OAuth2 Authorization server for token validation. Also, XACML PDP for policy validation. Both are available with Identity Server. According to the Carbon, you can install those features with ESB as well. But it is not recommended much. Please see more details from here
Exception shielding ---> ESB
Service monitoring ----> ESB can be used. But if more, you can use BAM
Services lifecycle control ---> ESB can be used. If needed more, you can install G-reg features
I think. It is only enough to use WSO2 ESB and WSO2 IS for this purpose. Sometime you may need to write some code. But it is easy as there are lot of samples are available freely.
I would like to monitor the logins/logouts (and perhaps other admin services) from a WSO2 Identity Server to WSO2 Buisness Activity Monitor. I found a couple of articles on how to do it, using an WSO2 ESB or/and WSO2 AS. However I would like to do it without the ESB/AS.
Is this possible? And if so how?
Generic way of monitoring a server by BAM is through a custom data agent. Follow [1] for referring how to write a BAM data agent. You can write a data agent to monitor WSO2 Identity Server (IS) which publishes events from IS to BAM.
[1] http://docs.wso2.org/display/BAM230/Data+Publisher
I assume you are referring to the articles explaining how to configure log4j logging to log to the BAM server for storage in Cassandra. They are applicable to the IS server as well since the IS is, just as all WSO2 products, based on the same base product called 'Carbon'.
If you specifically want to log only the login/logout events and not any additional logging you could adjust the appender in such a way that only the following class will log to that appender (as shown here: log4j: Log output of a specific class to a specific appender):
log4j.logger.org.wso2.carbon.core.services.util.CarbonAuthenticationUtil=INFO, LOGEVENT
log4j.additivity.org.wso2.carbon.core.services.util.CarbonAuthenticationUtil=false
I have downloaded the new version of API Manager 1.0.0 GA.
I am confused about publishing the WSDLs, since that has not a related API KEY, everyone can access it.
For that reason I have tried to add access token from ESB, but that will not authenticate the API Manager's Users (like Apisubscriber) only the users inside the ESB (even if I have configured an external JDBC db for both APIManager and ESB user-mgt.xml).
So, is there a way to create an API key for WSDLs as well from the API Manager? Or How do I control the access to the published WSDLs in the API store?
Many thanks
EDIT:
From the ESB I have added security to the service by using the built-in security scenarios, in my case I have used "UsernameToken". This authenticates users based on roles defined in the ESB "admin/everyone..." and only accepts users defined in the ESB's user store "admin/admin" (and others you might have created).
I have ESB and AM configured to share the same mysqlDB for user store, but that does not work in my Security Scenario described before: if I create a user "apicreator" inside AP and I create "usertest" inside ESB, they store the users inside the same MySQL db, but under different "tentant", i.e. "apicreator" is not a valid user to authenticate in my Security Scenario (UsernameToken). I hope this description helps to clarify the problem. thanks
With WSO2 API Manager, you couldn't control the access to a published WSDL in API Store.Currently there's no way of creating an API key for WSDLs as well from the API Manager.But that controlling has to be done through your back-end service. How-ever when creating an API from WSO2 API Manager ,giving the Wsdl url as an input is not a required field,but an optional field.
Apart from that I'm not clear about your following phrase."For that reason I have tried to add access token from ESB, but that will not authenticate the API Manager's Users (like Apisubscriber) only the users inside the ESB".Can you explain a bit more what you mean by "add access token from ESB"?
Thanks;
/Lalaji
Myself: New to WSO2, Evaluating multiple ESB products
Here is what I am trying to do with wso2 ESB
Application "A" will send a zipcode (SOAP-WDSL) to WSO2-ESB
WSo2 will use that zip-code and query National WeatherService and obtain
the Lati-Long for zipcode
LatLonListZipCode method at
http://graphical.weather.gov/xml/SOAP_server/ndfdXMLserver.php?wsdl
Return the lat-Lon to Application "A"
Would someone please guide me , like where to start and the components needed so forth?
I am kind of confused by all the terminologies and over complicated product names and hierarchy (carbon, oxygen so forth)
For your requirement what you simply need is to create a Proxy service in WSO2 ESB to invoke this Backend service. (National WeatherService)
If you want to get started with WSO2 ESB I recommend you to 1st go though. WSO2 ESB Sample guide and WSO2 ESB Configuration. Where you can get a head start using that.
For your scenario you can simply follow the below steps to create a simple WSDL Proxy create a working scenario which you can later improve (ex with routing , monitoring etc..)
1) Login to WSO2 ESB.
2) Go to Proxy Service Adding Section
3) Select WSDL Based Proxy as the Template
4) Give a Proxy name , WSDL url , Service name (ndfdXML) , WSDL Port (ndfdXMLPort) and tick Publish Same Service Contract
And create the service.
Now you have exposed the same service though WSO2 ESB. You can go to service list section.Get the Service EPR details and invoke the service using your application.
Below is a nice work done for beginners. Someting similar to your case
http://dakshithar.blogspot.com/2012/07/routing-and-service-chaining-with-wso2.html