Posts

Showing posts from 2016

Secure Wso2 ESB REST APIs using Kerberos

When a consumer attempts to consume a REST API, if the API is secured using some authentication protocol (e.g. Basic, Kerberos, NTLM), the consumer has to prove its identity to the API by sending credentials or the relevant token through authorization headers. By default ESB REST APIs do not include any security, and in this blog post I will describe how to secure the APIs using Kerberos. I have used three main components: Active Directory as the KDC, the ESB server as the resource server, and a C#.NET client to invoke the REST APIs on the ESB server. The design of the implementation is as below.

The Design of the Kerberos Communication
1. Client tries to invoke the ESB proxy
2. The server responds with 401 Unauthorized
3. Client requests a Kerberos service ticket from Active Directory
4. If the user is identified by the KDC (AD), it sends the SGT to the client
5. Client wraps the SPNEGO token in the request HTTP header and resends it to ESB
6. ESB sees the HTTP header w

Obtaining Business Owner Details from Wso2 APPM 2.1.0

At the time of writing, APPM 2.1.0 is yet to be released, so I will use the APPM 2.1.0 Alpha pack to obtain business owner details.

How to register the API client application
We can use the Postman client to send the payload below with the following headers to register the API client application.

Headers
Authorization: Basic YWRtaW46YWRtaW4= ('YWRtaW46YWRtaW4=' is the base64-encoded value of admin:admin)
Content-Type: application/json

Payload
{"callbackUrl":"www.google.lk","clientName":"app_11_04_0013","tokenScope":"Production","owner":"admin","grantType":"password refresh_token","saasApp":true}

The sample response is as below
{"clientId":"9Xb0a5VIqM3lh40Sz9nKNDTHK5ga","clientName":"app_11_04_0013","CallBackURL":"www.google.lk","clientSecret":"Jxq

Start WSO2 Identity Server 5.1 as a Windows Service

Prerequisites
* JDK 1.624 or later, 1.7 or 1.8, with the JAVA_HOME environment variable set in the Windows environment.
* Yet Another Java Service Wrapper (YAJSW) version 11.03 (you can download it from here).

Configuring the wrapper.conf file in YAJSW
We need to configure the wrapper.conf file located inside {yajsw-Home}/conf as below. We can simply copy the configurations from the wrapper.conf file located inside {wso2is-5.1.0_Home}/bin/yajsw into the wrapper.conf file in {yajsw-Home}/conf.

Setting Up CARBON_HOME in Windows 7
You can use the steps below to configure CARBON_HOME
1. Right-click on the Computer icon
2. Choose Properties
3. Click on the Advanced Settings link
4. Click Environment Variables
5. Add a new system variable by providing
   Variable name: CARBON_HOME
   Variable value: D:\Hasanthi\wso2is-5.1.0 (path to the extracted Identity Server)

Running the product
1. Use the Windows command prompt and go to the bat folder inside {yajsw-Home}

Applying CORS Filter to wso2 Identity Server

When we invoke an endpoint in the oauth2 war from JavaScript of a web app hosted in a different domain than the Identity Server domain, we get "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://XXXXXXX' is therefore not allowed access." The issue occurs because the script on your page runs from a specific domain and tries to request the resource via an XmlHttpRequest or XDomainRequest from a different domain, which makes it a cross-origin request. To get rid of this, we need to allow the cross-origin request by sending the header below using a custom filter.

Access-Control-Allow-Origin: http://example.com (Here http://example.com is the domain where the page with that script is hosted)

Invoking the UserInfo endpoint of WSO2 Identity Server from JavaScript
We have two possible solutions to apply the CORS header.
1. Customizing OpenIDConnectUserEndpoint.java as below and replacing the oauth

Create Access Token using SAML2 Bearer Grant Type and Invoke APIs in WSO2 API Manager

First we need to create an API in WSO2 API Manager and obtain the client ID and secret. Then we can use the travelocity sample application in WSO2 Identity Server to generate an access token.

Configure the travelocity Sample Application
In order to use the travelocity sample application we need to change the following configurations in the travelocity.properties file located in <Tomcat_Home>/webapps/travelocity.com/WEB-INF/classes
EnableSAML2Grant=true
OAuth2.TokenURL=https://localhost:8244/token (This is the token endpoint of APIM. The APIM is running with a port offset of 1)
OAuth2.ClientId=TTAoWMohG0lcO8UmN8CRskDT0uMa (Client ID and Client Secret of the API)
OAuth2.ClientSecret=tFdgrDb8BNxPkqWoBmTL7rvGBLEa

Configure Identity Server to add the travelocity application
The AudienceRestriction and Recipient values we configure here should be equal, and the same value should be configured as the alias.

Configure Identity Provider in APIM
The public cer

Wso2 H2 MetricsDB

WSO2 uses the MetricsDB to monitor useful metrics in WSO2 servers. The data stored in the MetricsDB is not critical for server functionality, but it is very important for analyzing server performance when there is an issue. We can look at the metrics and get an idea of how the server behaved.

Enabling Metrics
The metrics feature can be enabled from $CARBON_HOME/repository/conf/metrics.xml by setting <Enabled>true</Enabled>. Alternatively, we can use -Dmetrics.enabled=true at server startup to enable the Metrics feature without editing the metrics.xml configuration file.

View the Metrics DB in the default H2
1. Uncomment the following lines in carbon.xml located in {Carbon_Home}/repository/conf.
    <H2DatabaseConfiguration>
        <property name="web" />
        <property name="webPort">8082</property>
        <property name="webAllowOthers" />
    </H2DatabaseConfiguration>
2. Restart the se