Using wso2 api manager. I cannot publish an existing SOAP service that has a basic auth (in the back end). The publisher interface let you insert the wsdl location, but obviously it requires a basic auth (in fact i have a 401 error in the log).
I tried to put username and password in the url like https://username:pwd#server... but it does not work.
Thank you
Related
As the title states, when I send a request from soapUI to an SAP web service I am returned with an XML that contains a "401 Nicht autorisiert" error message in it. Since it is an SAP web service, I do have to input credentials when I create the new project, but those are the only credentials I have input before running the project.
With the same credentials, I am able to create a request and not receive an error message when I use the Postman interface.
Could this be an issue with the web service configuration, or is this an authorization issue with soapUI?
Links to images:
SoapUI: https://imgur.com/2ZOBMgZ
Postman: https://imgur.com/M1SOCgG
From your images it looks like the Authorization: Basic... header is not being sent as part of your HTTP request out of soapUI and I assume your service doesn't challenge for the credentials in a way that soapUI understands.
One way around this is to click the Authenticate pre-emptively radio button on the basic authorization dialog box. This will construct and send the header the same way as Postman.
I am very new to WSO2 API manager and trying out my very first simple restful api. which returns json response and has no security since it is an internal api.
I installed WSO2 API manager locally and trying to call the rest api on my dev server which uses http and no security as I mentioned earlier.
Here is how my get url looks like:
and here is my url looks like for production and sandbox environment:
I don't have any message mediation enabled.
I went to the API store and created a trial application (so that I can get the access token. Eventhough, my dev environment api has no security, I was reading that for throttling and other purpose, I need to pass bearer token to the WSO2 api OR it will reject the request.)
When I am trying to consume the api, I get the following binary message.
Is there any way I can see the proxy log on WSO2 server so that I can see the request and its header sent to my dev server?
How can I fix this binary response to get the proper json response?
I searched all over and can't find solution to it.
You can use below steps on WSO2 ESB or APIM to enable Wire Logs.
Uncomment below line in /repository/conf/log4j.properties
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
Restart Server.
Source - http://lakshanigamage.blogspot.com/2015/03/how-to-enable-wire-logs-in-wso2-esbapim.html
I went through this tutorial on KONG
https://getkong.org/plugins/jwt/
I have an understanding of JWT and authorization concepts. I have prototyped JWT with Spring Boot where I could put my own key value like this {"authorizations":"role_admin, role_user"}.
It is easy to do that in Spring Boot but I am not able to find information on how to do this with KONG. Anyone has any info about it?
Kong community edition can handle only the authentication process, (give or deny access to a customer).
Authorization process (what a given customer can do in your application) is handled by your application or by https://getkong.org/plugins/ee-oauth2-introspection/ oauth2 introspection plugin which is enterprise edition only
you can write your own authorization server based on X-Consumer-Username request header if user passed authentication or original token header proxied by kong
hope helps
The kong jwt plugin does not support sending custom payload parameters to the upstream api. It does however seem like you can use this plugin (I have not tested it):
https://github.com/wshirey/kong-plugin-jwt-claims-headers
Update:
If you set Kong to forward all headers you'll get the raw Authorization header with the jwt token. So you could base64 decode the jwt token and pull out the claims/payload parameters you need manually in your service.
We are using Apigee as our Authorization Server (AS) and we have a few Spring Restful services deployed in IBM Bluemix public cloud which acts as our Resource server (RS).
Each of the services has an equivalent proxy service configured in Apigee. For the proxy services, we have configured the VerifyOAuthTokens policy to verify the token passed by the user and return an error if invalid token is passed
The problem is, since our RS is in the public cloud (no plans or need of moving to a dedicated or private cloud) the api endpoints are open and can be invoked by anyone who knows the url.Though the expectation is everyone should call the apis via APIGEE proxies but we cannot force that since we are in public cloud and there are no options of opening ports coming from apigee or something. We would like to take the following approach to secure the api endpoints.
Accept the Authorization header for each call
Take the token and call a validate token service in Apigee
For 2, We are not able to find an APIGEE api which can validate an access token similar to say googles
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=1/fFBGRNJru1FQd44AzqT3Zg
or Github's
GET /applications/:client_id/tokens/:access_token
Is there actually an external APIGEE service to validate a token?
If not, what would be the best way to make sure that only valid users with valid tokens can access the apis?
Thanks,
Tatha
Did you look at this post in the Apigee Community: Using third-party OAuth tokens
We did something similar to this but not using oauth tokens. We used Apigee to do a callout to a third party IDP (identity provider). The 3rd party IDP wasn't able to generate tokens but exposed a web service to authenticate the user. If the user was authenticated successfully (based on interpreting the result received back from the target endpoint webservice), then you tell Apigee that it was successful by setting the external authorization status to true (step #2 in the link).
NOTE: this has to be done inside an Assign Message Policy step PRIOR to the GenerateAccess token operation. Apigee interprets this as a successful authorization and then can generate a valid oauth token that the caller can then send along to access the protected API.
I am trying to publish SOAP APIs in WSO2 using the endpoint security scheme. I am using it as basic authorization and putting in credentials, but it seems to not be calling the backend API with those creds. Right now I can as a workaround pass in the basic auth headers myself, along with an Oauth2 token (in the header) to hit the published API in the store.
Am I just going about this wrong?
Using WSO2 API Manager 1.6
EDIT: I have replicated this issue in WSO2 API MANAGER 1.8. Viewing the packets in wireshark, it is making the request without adding the authorization. Restful calls with embedded authentication on the WSO2 layer seem to be working fine.
You can publish SOAP/REST APi's in WSO2 API Manager. You need to pass in the username password, along with the Authorization header which is base64 encoding (consumer key:consumer secret), You can follow the blog post [1] on how to consume a SOAP API & [2] for more information on tokens.
[1] http://charithaka.blogspot.com/2012/07/consuming-soap-service-using-wso2-api.html
[2] http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html
The above blog [1] &[2] refers to a API Manager older release, hence you will need to refer to WSO2 API manager 1.6 releases documents [3] for API key generation etc.. However, to find out how to publish SOAP API's you could use the blog pointed out.
[3] https://docs.wso2.com/display/AM160