Calling a REST service from JBPM over a proxy - rest

I am calling a REST service (hosted on the internet) from a JBPM REST service task. The JBPM server is behind a proxy and cannot do the name resolution with the local LAN DNS. I have tried adding httpProxy settings and a specific name server SPI, but name resolution still fails.
Any thoughts?

Related

OSB set external ip in generated wsdl

We are using Oracle Service Bus 12c. On our developer server, the default domain configured in jDeveloper runs. The OSB exposes the defined SOAP services locally on port 7101. We wanted these services to be accessible also externally, so we forwarded a port from a firewall server.
Now the SOAP service can be called from the outside, but the generated WSDL (at [serviceurl]?wsdl) states localhost in the address tag at the binding as the location of the server instead of the firewall's IP.
I have tried to set the frontend host and the remote address overwrite properties under protocols -> http for the server, but neither changed the value in the generated WSDL.
Where can I configure the server location for the generated WSDLs?

How do you deploy Identity Server on Kubernetes?

I want to deploy Identity Server 4 on Kubernetes 1.8, and use this as a Federation Gateway between my web application and Azure Active Directory (to begin with).
If I call Identity Server from my web application using the local k8s service name, my users are redirected to the wrong Identity Server URL (containing the local k8s service name) during Sign in which clearly won't work. We are using an implicit flow.
I therefore set up an Azure Load Balancer with a DNS name and configured Identity Server to be externally accessible with the domain name as the PublicOrigin URL.
However, my web application which runs in the same cluster cannot access Identity Server using the external URL of the Identity Server (discovery fails).
If I run Identity Server on another Kubernetes cluster then everything works fine.
My question is:
How do you properly deploy Identity Server in Kubernetes? Do I really need another Kubernetes cluster?
Note: I am using Kubernetes on Azure created with ACS engine (because we have mixed Windows and Linux containers).
I'm using AKS (Azure managed Kubernetes) and have a single client ASP.NET Core 2 web app in the same cluster as my IS4 service with no issues. Both web apps are fronted by Nginx with kube-lego for Let's Encrypt TLS support, and DNS is provided by Azure DNS.
I'm not using the PublicOrigin but instead the client app's Authority (in the openidconnect setup) uses the full (external Azure) DNS name of the IS4 service. You can use PublicOrigin if you want to use the cluster service naming from your clients.

Azure Service Fabric: Make endpoint Input and Internal for identity server 4

I want to run an application on Azure service fabric. One service should serve as identity provider. So I installed identity server 4 package on that 'usermanager'. I have also two other services which should use this usermanager for authentication and authorization.
That works on localhost. But on Azure I have the problem that an endpoint must be 'Input' or 'Internal' in my service manifest. But for my usermanager I need both input and internal.
<Endpoint Protocol="http" Name="IdentityServerEndpoint" Type="Input" Port="5000" />
/.well-known/openid-configuration needs 'Internal' and
/connect/authorize?xxxxxx needs 'Input'
I found that for Input endpoints Azure Service Fabric uses the fully qualified domain name and for internal endpoints it uses the IP address of the local network, like 10.0.0.4.
Is there a solution to make an endpoint both input and internal?
Or is there a solution to make identity server 4 to handle two endpoints?
Any ideas to solve this problem?
Believe it or not, the "Type" field in the Endpoint config doesn't actually do anything on any hosting platform. It's just metadata that you can configure and use in your code (basically a way for you to set your own policies). It doesn't matter what you put there otherwise.
Ultimately, you're opening an endpoint on a process on a VM. That endpoint will be open on the VM's IP and the port you choose, e.g., 10.0.0.1:5000.
If you want that endpoint to also be available on your cluster's VIP and FQDN, that configuration is external to Service Fabric. In Azure you just need to configure the Azure Load Balancer to forward external traffic on the port your service is listening on. See here for more info on that: https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-and-communicate-with-services#connections-from-external-clients
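The Kubernetes and Service Fabric threads above share one symptom: the discovery document advertises URLs built from an internal name or address instead of the public one. The following Python check is an added example, not code from any of the posts; it flags a discovery document whose issuer or endpoints do not sit on the public authority. The host `login.example.com`, the cluster service name and the sample document are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: a discovery document as it might look when the identity
# provider builds its URLs from the internal request host (hypothetical names).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "http://identityserver.default.svc.cluster.local",
  "authorization_endpoint": "http://identityserver.default.svc.cluster.local/connect/authorize",
  "token_endpoint": "http://10.0.0.4:5000/connect/token",
  "jwks_uri": "https://login.example.com/.well-known/openid-configuration/jwks"
}
""")

def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def is_internal_host(host):
    """True for private/loopback IPs and names a browser outside cannot resolve."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        return host == "localhost" or host.endswith((".local", ".internal")) or "." not in host

def check_discovery(doc, public_authority):
    """List problems that would break browser redirects or issuer validation."""
    findings = []
    expected = origin(public_authority)
    # OpenID Connect Discovery: the issuer must equal the URL used for discovery.
    if doc.get("issuer") != public_authority:
        findings.append(("issuer", "mismatch", doc.get("issuer")))
    for key, value in sorted(doc.items()):
        if key == "issuer" or not isinstance(value, str) or "://" not in value:
            continue
        got = origin(value)
        if is_internal_host(got[1]):
            findings.append((key, "internal-host", value))
        elif got != expected:
            findings.append((key, "origin-mismatch", value))
    return findings
```

Run `check_discovery` against the JSON fetched from `/.well-known/openid-configuration` both from inside the cluster and from outside; the two results should be identical and empty.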

Intercept all outgoing connections made by a process to redirect it to a localhost proxy

I am working in an environment where there are multiple services hosted. A service (consider web services) exposes some APIs and also acts as a client to call other services too.
Now what I want to achieve is that if Service A (acting as client) wants to talk to Service B (acting as server here) using HTTP, then I want to intercept the outgoing HTTP request and redirect it to a localhost proxy.
There are multiple services running on a host, and a service also talks to multiple other services, so I don't want to change the configuration of every outgoing endpoint to point to the proxy.
Sample configurations:
The following are the service endpoints which Service A connects to while doing some processing:
a1.example.com:2430
a2.example.com:8280
a3.example.com:4380
a4.example.com:4280
a5.example.com:3158
a6.example.com:8238
I have looked into configuring Squid as a transparent proxy. But how should I enforce that every outgoing connection (with different destination ports) is redirected to the localhost proxy?

Hosting WWW and RESTful service on the same machine

Can a WCF RESTful service and a regular site/www service be hosted concurrently? Or do I need a separate machine to host WCF?
Thanks.
Yes, they can be hosted on the same machine (depending on whether you are using shared hosting). If you have the permission, you just need to bind them to different ports.
For example, if your website is hosted on port 80 (which is usually the default), then you can create another website on the same machine hosted on port 8080 for the WCF HTTP service.
If your website is a .NET app pool, you can even host the WCF service inside the same app pool as your website, by using a virtual directory.
Also, you can host multiple websites on the same port if you differentiate them by host headers.