Blazor WASM - Spending a long time initially in Authorizing component - blazor-webassembly

My Blazor WASM (hosted) app is spending quite a long time (~10s) in the authentication process when I open the webpage for the first time and eventually logs
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
Afterwards, it continues to show all content which is not wrapped in an Authorized tag.
In App.razor I use the Authorizing component and it shows its content ("Determining session state...") for a long time until it continues (see App.razor below).
The authentication in my app happens through an endpoint /authentication/login which forwards the user to Auth0 as identity provider using the
<RemoteAuthenticatorView Action="@Action">
component and the configuration in Program.cs
builder.Services.AddOidcAuthentication(options =>
{
    builder.Configuration.Bind("Auth0", options.ProviderOptions);
    options.ProviderOptions.ResponseType = "code";
    options.ProviderOptions.AdditionalProviderParameters.Add(
        "audience", builder.Configuration["Auth0:Audience"]);
});
App.razor
<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(App).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
                <Authorizing>
                    <p>Determining session state, please wait...</p>
                </Authorizing>
                <NotAuthorized>
                    <h1>Sorry</h1>
                    <p>You are not authorized to view this page</p>
                </NotAuthorized>
            </AuthorizeRouteView>
            <FocusOnNavigate RouteData="@routeData" Selector="h1"/>
        </Found>
        <NotFound>
            <PageTitle>Not found</PageTitle>
            <LayoutView Layout="@typeof(MainLayout)">
                <p role="alert">Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>


Understanding states in Firebase Dynamic links for Authentication

I am sorry, I have much trouble understanding Firebase Dynamic Links.
My use case is: a user wants to reset his password from the mobile app (or send an email verification).
The request is made using Firebase Authentication with a custom handler (with custom domain: https://example.com/auth).
The ActionCodeSettings looks like:
final ActionCodeSettings codeSettings = ActionCodeSettings(
  url: 'https://links.example.com/auth?email=$email',
  iOSBundleId: Constants.iosBundleID,
  androidPackageName: Constants.androidBundleID,
  androidInstallApp: true,
  dynamicLinkDomain: "links.example.com",
);
The user clicks on the link he received by email and gets redirected to the website (hosted by Firebase Hosting under: example.com).
When the user has finished resetting his password, I would expect to redirect him by "launching" the continueUrl that should take him back to the mobile app. continueUrl: 'https://links.example.com/auth?email=$email'
However this doesn't work, so I am guessing that I am doing something wrong somewhere.
In my iOS config, I have added the Associated Domains as: applinks:links.example.com.
In the Info.plist file I have added:
<key>FirebaseDynamicLinksCustomDomains</key>
<array>
    <string>https://links.example.com/auth</string>
</array>
(and have also tried with: <string>https://links.example.com</string>)
In my Android config I have added this to my AndroidManifest.xml:
<intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:host="links.example.com" android:scheme="https"/>
</intent-filter>
Fun fact: on Android, after the above steps are completed (on the website from the smartphone), if I launch the continueUrl it prompts the user whether to redirect back to the app or stay in the browser to open the URL.
I have of course created a sub-domain, links.example.com, in the Firebase Dynamic Links console as a URL prefix.
Here are my questions:
Is the continueUrl supposed to redirect back to the app?
Is the ActionCodeSettings continueUrl described above correct? I see the documentation always using example.com as the continueUrl, but it would be in conflict with the custom domain used for hosting, right? So I have put links.example.com as the continueUrl, and the custom Firebase auth handler is example.com/auth to indeed redirect to the correct web page in my website.
What is the Hosting firebase.json configuration for such a case?
The final link looks like this:
https://example.com/auth?mode=resetPassword&oobCode=T0qn8aj_p7TJBWyE5eUh7_7ZwIqwtJ7Q-i8LDf4QrIsAAAF_u6Bi6Q&apiKey=AIzaSyAzPqhZFKAyfQDeN4DGGjI9VCTEBe_mLc4&continueUrl=https%3A%2F%2Flinks.example.com%3Flink%3Dhttps%3A%2F%2Flinks.example.com%2Fauth%3Femail%253Dtestmail12%40gmail.com%26apn%3Dcom.example.android%26amv%26ibi%3Dcom.example.ios%26ifl%3Dhttps%3A%2F%2Flinks.example.com%2Fauth%3Femail%253Dtestmail12%40gmail.com&lang=fr
Do you see anything wrong or missing? Something that would prevent the mobile app redirection after the operation completes?
What should I do with the continueUrl param to get redirected to the app? Is it automatically done after some event, or should the developer write code to "push" a new web page containing this link, which will automatically see that it's not a link to handle in a web page and thus redirect to the mobile app?
Thanks a lot in advance for any explanations on how this works!
I have finally understood how this works:
The continueUrl must be the one used to handle the return to the mobile app, so if you use:
url: 'https://links.example.com/auth?email=$email',
This means you have to create a dynamic link prefix URL, https://links.example.com/auth, in the Firebase console.
You must also add it to your iOS Info.plist file as stated in the question.
Also, when you use a custom domain you need to make sure, as stated in the documentation, that the URL prefix and the domain are different, such as:
https://link.example.com/?link=https://example.com/my-resource
And not:
https://example.com/?link=https://example.com/my-resource
This means that by using https://links.example.com/auth as URL prefix, you need to use another domain to deal with the link.
In my case, I have built the URL this way:
https://links.example.com/?link=https://redirect.example.com/auth
And added https://redirect.example.com/auth as URL prefix.
This prevents both the conflict with example.com at the hosting level and the problem of links.example.com having the link domain name AND URL prefix identical.
Also, don't forget to add the new dynamic links domain as a whitelisted domain in the Firebase Authentication Sign-in methods in the Firebase console, or you will get a domain-denied error.
Hope this will help others to understand better how this works.

Missing `aud` claim in ASP.NET core policy check prevents authorization, but it is in id token

I'm working through the example application here: https://github.com/FusionAuth/fusionauth-example-asp-netcore and am running into a situation where the claim is present in the token issued by the OIDC provider, but is not available to the authorization policy I'm creating.
I'm using .NET core 3.1 and these are my dependencies:
<ItemGroup>
    <PackageReference Include="IdentityModel.AspNetCore" Version="1.0.0-rc.4.1" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.3" />
</ItemGroup>
Rather than checking the applicationId as the example does, I want to check the aud claim at this point:
https://github.com/FusionAuth/fusionauth-example-asp-netcore/blob/master/SampleApp/Startup.cs#L35
So the code adding the policy looks like:
// Configure your policies
services.AddAuthorization(options =>
    options.AddPolicy("Registered",
        policy => policy.RequireClaim("aud", Configuration["SampleApp:ClientId"])));
But the policy fails, and I'm denied access to the secure page. If I change the policy to look like this:
// Configure your policies
services.AddAuthorization(options =>
    options.AddPolicy("Registered",
        policy => policy.RequireClaim("sub")));
It succeeds, showing me the secured page (so I have a sub claim).
I have tried the following to debug this:
Ensured the OIDC server generates a JWT with the aud claim (the server is FusionAuth if that matters). It does.
Changing the policy so any aud claim is authorized. I'm still prevented from viewing the secure page.
Adding various events to options.events in the AddOpenIdConnect method ( https://github.com/FusionAuth/fusionauth-example-asp-netcore/blob/master/SampleApp/Startup.cs#L47 ). I added OnTokenResponseReceived and OnTokenValidated and printed out the token claims received. In both these cases, I see the aud claim.
Is there some filtering going on? I have googled around and haven't seen anything. There's a recommendation to add this line:
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
because the framework code does some claim mapping, but that didn't seem to help with my issue.
Any suggestions on what I can do to ensure the aud claim is checked by the authorization service would be welcome.
So the issue is that there are default claim actions in the OIDC options.
https://github.com/dotnet/aspnetcore/blob/v3.1.19/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectOptions.cs shows, for 3.1.x:
// ...
ClaimActions.DeleteClaim("nonce");
ClaimActions.DeleteClaim("aud");
ClaimActions.DeleteClaim("azp");
ClaimActions.DeleteClaim("acr");
// more claims modification
If you delete the relevant claim action:
options.ClaimActions.Remove("aud");
The aud claim is then available to the policy.
More on claim actions: https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.oauth.claims.claimactioncollection?view=aspnetcore-3.1
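Putting the answer together in one place, as an added example (this is not the FusionAuth sample's own Startup.cs; the "SampleApp:Authority" and "SampleApp:ClientSecret" configuration keys and the use of the userinfo endpoint are assumptions, only "SampleApp:ClientId" comes from the question):

```csharp
// Added example, not the FusionAuth sample's code. Keeps the "aud" claim on the
// ClaimsPrincipal so the "Registered" policy can check it.
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Optional: stop the JWT handler renaming standard claim types
        // ("sub" -> nameidentifier, etc.). This is NOT what removes "aud",
        // but it keeps policy claim names identical to the token's claim names.
        JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = Configuration["SampleApp:Authority"];       // assumed key
                options.ClientId = Configuration["SampleApp:ClientId"];
                options.ClientSecret = Configuration["SampleApp:ClientSecret"]; // assumed key
                options.ResponseType = "code";
                options.SaveTokens = true;

                // Assumption: claims are merged from the userinfo endpoint. That is
                // where the handler runs its ClaimActions, including the default
                // ClaimActions.DeleteClaim("aud") that hides the claim from policies.
                options.GetClaimsFromUserInfoEndpoint = true;

                // Drop the default delete action for "aud" so the claim survives.
                // Removing by type removes every registered action for that type.
                options.ClaimActions.Remove("aud");

                options.Events = new OpenIdConnectEvents
                {
                    // Fires on the freshly validated id_token, before claim actions run,
                    // which is why "aud" was visible here in the question's debugging
                    // even though the policy could not see it.
                    OnTokenValidated = ctx =>
                    {
                        var logger = ctx.HttpContext.RequestServices
                            .GetRequiredService<ILogger<Startup>>();
                        logger.LogDebug("id_token claims: {Claims}",
                            string.Join(", ", ctx.Principal.Claims.Select(c => $"{c.Type}={c.Value}")));
                        return Task.CompletedTask;
                    }
                };
            });

        // The policy from the question: every "aud" value on the principal is a
        // separate claim, so a token with several audiences passes if any matches.
        services.AddAuthorization(options =>
            options.AddPolicy("Registered",
                policy => policy.RequireClaim("aud", Configuration["SampleApp:ClientId"])));

        services.AddControllersWithViews();
    }
}
```

Note that the OIDC handler already validates the id_token's audience against ClientId during token validation, so the policy is a second, explicit check rather than the only one; the claim action just decides whether the value is still visible to application code afterwards.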

Azure AD B2C .NET Core redirects directly without showing login screen

I'm trying to create a simple .NET Core 3.1 MVC app that requires authentication through Azure Active Directory, with B2C.
I've read multiple documentations, but still couldn't get it to work. I'm able to run the user flow successfully (received info in https://jwt.ms/). However, if I'm running my application, this is what happens:
User clicks on link to login
Browser goes to: https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A5000%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access%20&response_mode=form_post&nonce={long.string}&client_info=1&state={long.string2}&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Browser goes to https://jwt.ms/. The fields are empty
I took an example project (with https://fabrikamb2c.b2clogin.com) to see if the problem is inside my code, or it is in Azure settings. When I do that with the example settings, I correctly see a login screen. When I switch to my own settings, the above situation occurs. So I guess it has something to do with the settings in Azure. The correct flow (so with the example settings)
User clicks on link to login
Browser goes to: https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A5000%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access%20https%3A%2F%2Ffabrikamb2c.onmicrosoft.com%2Ftasks%2Fread&response_mode=form_post&nonce={long.string}&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Login screen showed up
I do see some differences in this URL (around the scope, for example), but can't figure out what causes my issue. Currently thinking of permissions?
Azure settings
Azure Subscription 1 - out of scope
Azure Subscription 2
Azure B2C tenant, linked to azure subscription 2
Inside Azure subscription 2
Azure Active Directory with multiple users
App Service: LoginPortalAdB2C <-- code deployment, currently not in use: trying to get it to work locally
App Registration: LoginPortal
Client ID: xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxxx
ClientSecret: yyyyyyyyyyyyyyyyyyyy-yy-yyyyyyyyyy
Inside B2C subscription (Linked to subscription 2)
Azure B2C: {myb2cdomain}.onmicrosoft.com
App Registration: LoginPortal Identity Experience
Client ID: aaaaaaaa-aaaa-aaa-aaaa-aaaaaaaaaaaa
ClientSecret: bbbbbbbbbbbbbbbb-bbbbb-bb.bbbbbbb-b
Redirect URI: https://jwt.ms
Enabled Access tokens
Enabled ID tokens
Supported account types: Accounts in any organizational directory or any identity provider. For authenticating users with Azure AD B2C.
Permissions: Microsoft Graph: offline_access, openid
Owners: me
Identity providers
Local account
OpenID Connect
https://login.microsoftonline.com/{azure-subscription-2-id}/.well-known/openid-configuration
Client ID: xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxxx (= app registration in CCI Groep subscription)
Client Secret: yyyyyyyyyyyyyyyyyyyy-yy-yyyyyyyyyy (= app registration in CCI Groep subscription)
Scope: openid
Response type: code
Response mode: form_post
User ID: sub
Display name: name
Given name: given_name
Surname: family_name
Email: email
Users
Added myself
User flows
B2C_1_susi
Identity providers: Local account, OpenID
User Attributes
Email Address
Given name
Surname
I hope anyone can give me some light here...
Update:
I tried to get some more light by using Fiddler. I can see:
GET https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/B2C_1_susi/v2.0/.well-known/openid-configuration HTTP/1.1
With a response containing:
{
    "issuer": "https://{myb2cdomain}.b2clogin.com/{b2c-id}/v2.0/",
    "authorization_endpoint": "https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize",
    "token_endpoint": "https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/token",
    "end_session_endpoint": "https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/logout",
    "jwks_uri": "https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/discovery/v2.0/keys",
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "code",
        "code id_token",
        "code token",
        "code id_token token",
        "id_token",
        "id_token token",
        "token",
        "token id_token"
    ],
    "scopes_supported": [
        "openid"
    ],
    "subject_types_supported": [
        "pairwise"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ],
    "claims_supported": [
        "idp",
        "sub",
        "tfp",
        "iss",
        "iat",
        "exp",
        "aud",
        "acr",
        "nonce",
        "auth_time"
    ]
}
GET https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/discovery/v2.0/keys
Containing:
{
    "keys": [
        {"kid":"{id}","nbf":1111111111,"use":"sig","kty":"RSA","e":"AQAB","n":"{long-id}"}
    ]
}
GET
https://{myb2cdomain}.b2clogin.com/{myb2cdomain}.onmicrosoft.com/b2c_1_susi/oauth2/v2.0/authorize?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%3A5000%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access%20&response_mode=form_post&nonce={long.string}&client_info=1&state={long.string2}&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
The response as text is unreadable... although when I set the response view to XML, I do see some HTML here:
<html />
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Logging in...</title>
        <meta name="CACHE-CONTROL" content="NO-CACHE" />
        <meta name="PRAGMA" content="NO-CACHE" />
        <meta name="EXPIRES" content="-1" />
    </head>
    <body>
        <form id="auto" method="post" action="https://jwt.ms">
            <div>
                <input type="hidden" name="error" id="error" value="redirect_uri_mismatch" />
                <input type="hidden" name="error_description" id="error_description" value="AADB2C90006: The redirect URI 'https://localhost:44316/signin-oidc' provided in the request is not registered for the client id
...
Containing:
The redirect URI 'https://localhost:44316/signin-oidc' provided in the request is not registered for the client id.
Guess I'll need to check the redirect URI's...
Okay... it seems to be impossible to work locally with the redirect URL https://jwt.ms as redirect URL (or I simply do not know how. See also https://github.com/aspnet/Security/issues/1757).
The jwt.ms URL works great for testing the user flow, but not usable in production, as the appsetting value CallbackPath requires a relative path.
So... I added the Redirect URI in my B2C App registration to https://localhost:44316/signin-oidc, and.... tada! It works.
For now I added the CallbackPath to my appsettings.json, just to have it documented.
"CallbackPath": "/signin-oidc" // Default value: /signin-oidc. If changed, please edit or add the link in the B2C App Registration
And I let my code pick it up later:
options.CallbackPath = AzureAdB2COptions.CallbackPath;
If you leave both of these lines out, it also works, as long as you specify /signin-oidc in the app registration redirect URI.
Sadly the error that occurred wasn't shown easily to the end-user...
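An added example of the configuration the answer arrives at (not the author's project code): an options class bound from an assumed "AzureAdB2C" section of appsettings.json, the CallbackPath applied to the OIDC handler, and an OnRemoteFailure handler so that a protocol error that does reach the app is logged and shown instead of surfacing as a bare exception page. The class and section names, the Instance/Domain layout and the /Home/Error route are assumptions; the authority shape follows the discovery URL in the question.

```csharp
// Added example, not the author's code. Assumed appsettings.json section:
// "AzureAdB2C": { "Instance": "https://{myb2cdomain}.b2clogin.com/",
//                 "Domain": "{myb2cdomain}.onmicrosoft.com",
//                 "ClientId": "...", "ClientSecret": "...",
//                 "SignUpSignInPolicyId": "B2C_1_susi",
//                 "CallbackPath": "/signin-oidc" }
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class AzureAdB2COptions
{
    public string Instance { get; set; }
    public string Domain { get; set; }
    public string ClientId { get; set; }
    public string ClientSecret { get; set; }
    public string SignUpSignInPolicyId { get; set; } = "B2C_1_susi";

    // Relative path only. Scheme + host + this path must be registered verbatim as a
    // Redirect URI on the B2C app registration (e.g. https://localhost:44316/signin-oidc
    // when running locally); otherwise B2C answers with AADB2C90006 as in the question.
    public string CallbackPath { get; set; } = "/signin-oidc";

    // Matches the discovery document the question fetched:
    // https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration
    public string Authority => $"{Instance}{Domain}/{SignUpSignInPolicyId}/v2.0";
}

public static class B2CAuthenticationExtensions
{
    public static IServiceCollection AddAzureAdB2CAuthentication(
        this IServiceCollection services, IConfiguration configuration)
    {
        var b2c = configuration.GetSection("AzureAdB2C").Get<AzureAdB2COptions>();

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.Authority = b2c.Authority;
                options.ClientId = b2c.ClientId;
                options.ClientSecret = b2c.ClientSecret;
                options.ResponseType = "code id_token";   // same as the request in the question
                options.ResponseMode = "form_post";
                options.CallbackPath = b2c.CallbackPath;  // the line from the answer
                options.TokenValidationParameters.NameClaimType = "name";

                options.Events = new OpenIdConnectEvents
                {
                    // Runs when the identity provider posts an error (or an unusable
                    // response) back to CallbackPath. Log it server-side and send the
                    // user to a friendly page rather than the default exception page.
                    OnRemoteFailure = ctx =>
                    {
                        var logger = ctx.HttpContext.RequestServices
                            .GetRequiredService<ILogger<AzureAdB2COptions>>();
                        logger.LogError(ctx.Failure, "OIDC sign-in failed: {Message}",
                            ctx.Failure?.Message);

                        var message = Uri.EscapeDataString(ctx.Failure?.Message ?? "unknown error");
                        ctx.Response.Redirect("/Home/Error?message=" + message); // assumed route
                        ctx.HandleResponse();
                        return Task.CompletedTask;
                    }
                };
            });

        return services;
    }
}
```

One caveat visible in the question's own trace: the redirect_uri_mismatch error was posted to https://jwt.ms, the only URI registered at the time, so the app never received it and no handler in the app could have displayed it. Strict redirect-URI matching is exactly what stops an authorization response being sent to an attacker-chosen location, which is why the registration must contain the exact scheme, host, port and path the handler uses.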

Facebook OAuth on Firebase web project

I am trying to embed Facebook OAuth as one of the sign-in methods for my web application, which is using Google's Firebase as a backend service.
At the moment, my app is not deployed, so I am still using a localhost URL. My problem is redirecting from login to the dashboard of my app. The Firefox console shows this log when I try to log in using Facebook OAuth:
code: "auth/popup-closed-by-user"
message: "The popup has been closed by the user before finalizing the operation."
stack: ""
On the front-end, the snippet from the .js file:
//login with facebook
const facebookButton = document.querySelector('#facebookLogin');
facebookButton.addEventListener('click', (e) => {
    e.preventDefault();
    M.Modal.getInstance(modal).close();
    loginForm.reset();
    const provider = new firebase.auth.FacebookAuthProvider();
    auth.signInWithPopup(provider).then(function (result) {
        console.log(result);
        console.log("Successful Facebook Sign in");
    }).catch(function (error) {
        console.log(error);
        console.log("Login failed");
    });
});
Snippet from the .html file (it's just a button):
<button id="facebookLogin">Login with Facebook</button>
Has anyone experienced something like this? How did you work around it?
Thanks in advance.

Why does the WSO2 API Manager store have 2 URLs displayed on the UI

We have deployed an all-in-one instance of WSO2 API Manager. We have got SSL working and you can log in and see published APIs.
We have set up carbon.xml to have the external-facing address (apidev.example.com), and both /store/ and /publisher/ can be accessed from that address.
However, the problem is that the APIs published in the store are using the local hostname dev.company.interal.
This means that a user will sign in to
https://apidev.example.com/store
click on an API and get redirected to
https://dev.company.interal:9443/store/apis/...
which is no good, as that address isn't accessible to people outside our network. So I want the store to use the external-facing address.
I've included the config files, shortened to the edits which have been made.
carbon.xml
<HostName>apidev.example.com</HostName>
<!-- Host name to be used for the Carbon management console-->
<MgtHostName>apidev.example.com</MgtHostName>
api-manager.xml
<APIManager>
    <DataSourceName>jdbc/WSO2AM_DB</DataSourceName>
    <GatewayType>Synapse</GatewayType>
    <EnableSecureVault>false</EnableSecureVault>
    <AuthManager>
        <!-- Server URL of the Authentication service -->
        <ServerURL>https://dev.company.interal:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for the Authentication manager. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for the Authentication manager. -->
        <Password>${admin.password}</Password>
        <!-- Indicates whether the permissions checking of the user (on the Publisher and Store) should be done
             via a remote service. The check will be done on the local server when false. -->
        <CheckPermissionsRemotely>false</CheckPermissionsRemotely>
    </AuthManager>
    ...
    <APIGateway>
        <!-- The environments to which an API will be published -->
        <Environments>
            <Environment type="hybrid" api-console="true">
                <Name>Production and Sandbox</Name>
                <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
                <!-- Server URL of the API gateway -->
                <ServerURL>https://apidev.example.com${carbon.context}services/</ServerURL>
                <!-- Admin username for the API gateway. -->
                <Username>${admin.username}</Username>
                <!-- Admin password for the API gateway.-->
                <Password>${admin.password}</Password>
                <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
                <!--GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://apidev.linkedsystems.uk:${https.nio.port}</GatewayEndpoint-->
                <GatewayEndpoint>http://apidev.example.com,https://apidev.example.com</GatewayEndpoint>
            </Environment>
        </Environments>
    </APIGateway>
    ...
    <APIKeyValidator>
        <!-- Server URL of the API key manager -->
        <ServerURL>https://dev.company.interal:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for API key manager. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for API key manager. -->
        <Password>${admin.password}</Password>
        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
        <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
        <!--ThriftClientPort>10397</ThriftClientPort-->
        <EnableThriftServer>true</EnableThriftServer>
        <ThriftServerHost>localhost</ThriftServerHost>
        <!--ThriftServerPort>10397</ThriftServerPort-->
        <!--ConnectionPool>
            <MaxIdle>100</MaxIdle>
            <InitIdleCapacity>50</InitIdleCapacity>
        </ConnectionPool-->
        <!-- Specifies the implementation to be used for KeyValidationHandler. Steps for validating a token can be controlled by plugging in a
             custom KeyValidation Handler -->
        <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
    </APIKeyValidator>
    ...
    <!-- API Store Related Configurations -->
    <APIStore>
        <!--GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</GroupingExtractor-->
        <!--This property is used to indicate how we do user name comparision for token generation https://wso2.org/jira/browse/APIMANAGER-2225-->
        <CompareCaseInsensitively>true</CompareCaseInsensitively>
        <DisplayURL>true</DisplayURL>
        <!--URL>https://localhost:${mgt.transport.https.port}/store</URL-->
        <URL>https://apidev.example.com/store</URL>
        <!-- Server URL of the API Store. -->
        <ServerURL>https://apidev.example.com:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
        <!-- Admin username for API Store. -->
        <Username>${admin.username}</Username>
        <!-- Admin password for API Store. -->
        <Password>${admin.password}</Password>
        <!-- This parameter specifies whether to display multiple versions of same
             API or only showing the latest version of an API. -->
        <DisplayMultipleVersions>false</DisplayMultipleVersions>
        <!-- This parameter specifies whether to display all the APIs
             [which are having DEPRECATED/PUBLISHED status] or only display the APIs
             with having their status is as 'PUBLISHED' -->
        <DisplayAllAPIs>false</DisplayAllAPIs>
        <!-- Uncomment this to limit the number of APIs in api the API Store -->
        <!--APIsPerPage>5</APIsPerPage-->
        <!-- This parameter specifies whether to display the comment editing facility or not.
             Default is "true". If user wants to disable, he must set this param as "false" -->
        <DisplayComments>true</DisplayComments>
        <!-- This parameter specifies whether to display the ratings or not.
             Default is "true". If user wants to disable, he must set this param as "false" -->
        <DisplayRatings>true</DisplayRatings>
        <!--set isStoreForumEnabled to false for disable forum in store-->
        <!--isStoreForumEnabled>false</isStoreForumEnabled-->
    </APIStore>
    ...
    <ThrottlingConfigurations>
        <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
        <DataPublisher>
            <Enabled>false</Enabled>
            <Type>Binary</Type>
            <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
            <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
            <DataPublisherPool>
                <MaxIdle>1000</MaxIdle>
                <InitIdleCapacity>200</InitIdleCapacity>
            </DataPublisherPool>
            <DataPublisherThreadPool>
                <CorePoolSize>200</CorePoolSize>
                <MaxmimumPoolSize>1000</MaxmimumPoolSize>
                <KeepAliveTime>200</KeepAliveTime>
            </DataPublisherThreadPool>
        </DataPublisher>
        <PolicyDeployer>
            <ServiceURL>https://dev.company.interal:${mgt.transport.https.port}${carbon.context}services/</ServiceURL>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
        </PolicyDeployer>
        <BlockCondition>
            <Enabled>true</Enabled>
            <!--InitDelay>300000</InitDelay>
            <Period>3600000</Period-->
        </BlockCondition>
        <JMSConnectionDetails>
            <Enabled>true</Enabled>
            <ServiceURL>tcp://${carbon.local.ip}:${jms.port}</ServiceURL>
            <Username>${admin.username}</Username>
            <Password>${admin.password}</Password>
            <Destination>throttleData</Destination>
            <!--InitDelay>300000</InitDelay-->
            <JMSConnectionParameters>
    ...
</APIManager>
Any help/pointers would be appreciated.
So the answer is:
the file at {AM_HOME}/repository/deployment/server/jaggeryapps/store/site/conf/site.json
needs changing to reflect the reverse proxy settings. Following the example laid out in the question, the new setting would be:
"reverseProxy" : {
    "enabled" : true, // values true , false , "auto" - will look for X-Forwarded-* headers
    "host" : "apidev.example.com", // If reverse proxy do not have a domain name use IP
    "context" : "/store",
    //"regContext" : "" // Use only if different path is used for registry
},
That's all, folks.
