WSO2 API Manager not able to get response from localhost - wso2-api-manager

I have a node based sample rest based application in Nodejs which is accessible by the url http://localhost:8288/api/users.
I have configured APIM and I was able to hit some sample services like https://www.googleapis.com/books/v1/volumes?q=isbn:0747532699 and get the response back.
But when I try to hit my localhost rest service via API Manager using API Console, I am getting
Response Body no content
Response Code 0
Response Headers{
"error": "no response from server"
}
I have no error in the logs.But Neither call is reaching the backend rest service. Should i make some changes to access my localhost urls in API Manager.This API Manager installation and rest service is in the same machine.
Please help.

This can happen if the browser does not trust the certificate of the APIM endpoint. Ideally what should happen is that you should install APIM certificate in your browser.
As a workaround, you can tell the browser to accept the certificate. For that, copy API URL to a new browser tab and accept the certificate.
Then try again in API console. It should work.

Related

Azure ASP.NET Core web api returns 404 for proxied multipart/form-data request

I'm new to Azure and trying to set up my nextjs client app and my ASP.NET Core backend app. Everything seems to play well now, except for file uploads. It's working on localhost, but in production the backend returns a 404 web page (attached image) before reaching the actual API endpoint. I've also successfully tested to make a multipart/form-data POST request in Postman from my computer.
The way I implemented this is that I'm proxying the upload from the browser through an api route (client's server side) to the backend. I have to go via the client server side to append a Bearer token from a httpOnly cookie.
I've enabled CORS in Startup.cs:
app.UseCors(builder => { builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod(); });
The frontend and backend apps are running in individual services and I've tried to enable CORS in the Azure portal as well, but there I could only allow origins, not headers and methods? The error message doesn't indicate CORS problems, but I just wanted make sure..
As far as I can see the requests look good, with correct URLs and origins. I suspect I'm missing some config in azure, but I didn't get any further by following the hints in the error message.
Any suggestions to what may cause this? Or where I can start looking. I'm not quite sure where to look for log output for this issue.
I finally got this working. I figured the host header in the proxy http request was unchanged. I only changed the URL for the proxy request, but I solved it by setting the host manually as well. This also explains why it was working at localhost, since both the client and backend was running at the same host.

Apache Cloudstack Console Proxy access via API

I make use of the cloudstack API, to integrate into a 3de party portal. I would like to access the console proxy via the API, cant find the API methods to do so.
Ie get the session token for the specific virtual machine and open up the ajax window from our 3de party portal.
The management server should expose the Console Proxy to use via the API, then I assume you should acquire a token based on login credentials, or via the API for the specific Virtual Machine you have access to.
If someone done this before, would be appreciated to share some detail related to this request.
Looking at the source for Console Proxy I solved this problem per below :
Use the same authentication procedure the normal cloudstack api use defined her - http://docs.cloudstack.apache.org/en/latest/developersguide/dev.html
Use the same API Key and sign the request with API Secret provided from Cloudstack:
The Console proxy endpoint are as follow - /console?cmd=access&vm=xxx, on success a Url will be returned with a token to access the virtual machine.
Test Results -
Request:
CloudstackRequestClientFilter -> cmd=access&vm=29603248-6d8a-4582-aa9a-4d1bfb4d7714&apikey=3NRrdrhDTwggQ_oQny11dD39-XRWJxCd0dh2xqtMNShrz_jb4ZdhHtmRh7NYiOfRzLNwPcBVAfT9FHh9v96vzg&response=json&signature=u4c7QZNQNcN+2s3fhRNSHTyl7+Q=
Response :
frame src="http://172.16.90.99/ajax?token=TCbfnguNvsHEkga3jPJEfZctqiPHTEynM6sAG2K8iIuioKHU8UU1QAWuQLHATd0dznP9vXPggHJp9km_1bmmStiD1PPKr6nZeid0NVI7kUt8_vOGkOK4vdM2d388KFj8oA280mQ-ZjPHWPgU4gCn47nLVb-2cVxNgOijOjdgDEDj5vlqFkzz2YhcqkLt6CIVdFcAJ1g1gqvhrO530ubjLZsiQvxs_kn9X8eXMafhRm_qugu3k6lLuG38zXsK9jKNWkmqoAV2EBBZh-r6agm4dQ">
Hope this helps, took met sometime to figure this out, source for the console proxy can be found here :
https://github.com/apache/cloudstack/blob/master/server/src/main/java/com/cloud/servlet/ConsoleProxyServlet.java

How can I verify if my application has access to the Here geocoder api?

I'm implementing Here API geocoder, and my application works almost always behind firewalls. How can I know if the application has access to geocoder api without using credentials? Is there same url that I can call to check if I have access to it?
If your firewall allows HTTPS traffic from your application, then you should have access to HERE APIs.
In practice, you can try to send the following GET request:
https://geocoder.api.here.com/6.2/geocode.json?city=Chicago&app_id=123&app_code=123
Since app_id and app_code are filled with the dummy 123 value, the expected behaviour, in case the request is not blocked by the firewall, would be to receive an HTTP response code of 401 (Unauthorized).

WSO2 Identity Server samlsso service url exposed via WSO2 API Manager

I successfully configured WSO2 API Manager 1.8.0 [e.g. https://wso2am.com:9443] and WSO2 Identity Server 5.0.0 SP1 [IS] acting as Key Manager [e.g. https://wso2is.com:9443] in a clustered setup on 2 different servers.
I also configured a Service Provider in the IS using a SAML SSO Inbound Authenticator and tested it with travelocity.com sample app.
The sample app builds the SAML request in the right way, but https://wso2am.com:9443/samlsso?SAMLRequest=[base64stuff] returns an HTTP Status 405 - HTTP method GET is not supported by this URL.
Changing the url in https://wso2is.com:9443/samlsso?SAMLRequest=[base64stuff]
leads to successful authentication.
Basically I want to be redirected to wso2am login page and not wso2is login page.
In this way, I could deploy in DMZ WSO2AM only, leaving WSOIS in the internal network.
How can I do?
Thanks
In this scenario I think your authentication request must be directed to IS server, not APIM. The IS server is the one who does the authentication. Hence it acts as the IDP. APIM is just a service provider (SP). Even if you succeeded (even it's not the correct behaviour) with sending a SAML request to https://wso2am.com:9443/samlsso endpoint, it will redirect you to the login page in IS server. So you have to send the SAML request to the https://wso2is.com:9443/samlsso endpoint for successful authentication & for the correct behavior.

How do you debug an ASP.Net application accessing an OAuth secured API?

I know there has to be an obvious solution to this problem and I am missing it, so I would much appreciate someone enlightening me so I don't spin my wheels...
I am writing an ASP.Net application that will interact with a service API (Evernote specifically). Evernote requires OAuth for security and before I can actually interact with the objects I need to obtain a token.
The workflow goes like this (explaining it to myself as much as anyone else!):
Build a url with my development api key and secret key and some other OAuth stuff, send it to Evernote to request an access token.
Send the url as a request to Evernote and pull the new access token out of the response
Build another url with the access token to request an authentication token for the user. This url goes to a page the user must interact with to login (if they haven't already) and then authorize my application to access their account. The last param of the url I build is a callback url which will be called from Evernote's servers.
If all goes well, Evernote will request the callback url and include the new authentication token as a param.
Once my server receives the callback with the embedded token I can use it so that my app can interact with the users' notes on subsequent requests.
The problem is that I'm writing this app on a local box, not an ISP under a public domain. So my callback is to the localhost server. Of course, localhost is relative, so Evernote can't resolve my callback... I can't ever receive an authentication token and debug at the same time.
There has to be a way around this problem because this authentication model is not unique to Evernote (by a longshot... Flickr uses it as do a lot of other services). So can someone tell me how to set things up so I can get the authentication token and still be able to debug on my local box?
Help is much appreciated!
OAuth is quite tough to implement. It may not be the answer you're looking for, but this is how I managed to get the job done:
Write some code on my local dev machine.
Run a bat file (or alternatively hook a post-build event in VS) that executes a msbuild deploy script and deploys the application to a test server.
Run the application on the test server. After obtaining the request token and requesting for authorization it redirects to the Evernote website.
After successful authorization the Evernote website redirects back to my test server and the authorized request token is exchanged for an access token.
Instead of debugging (I don't have VS on the test server) I examine the logs of the application (the logging I used was as simple as writing to a text file).
Rinse and repeat
For the purposes of testing I registered a temporary public subdomain (e.g. testing.oauth.mydomain.com) so that Evernote will be able redirect to that url.
According to this (How do I develop against OAuth locally?) the callback is issued by the browser, so it should be able to hit localhost.

Resources