Is there a way to setup apigee to use external authentication server - api

Is there a way to setup apigee to use external authentication server, to better explain the situation:
we generate a token from an app (test.app.com/services/oauth2/token)
we send this token with the request to the apigee endpoint
the apigee should call (test.app.com/services/oauth2/introspect) with authentication header (basic) and with body containing the token to verify it.
Im fairly new in apigee and have not seen similar implementations in my search

I am not sure if you figured another approach to this but I would you a service callout policy to call the authentication server as below:
<ServiceCallout async="false" continueOnError="false" enabled="true" name="SC-GetAuthPass">
<DisplayName>SC-GetAuthPass</DisplayName>
<Properties/>
<Request clearPayload="true" variable="ABCDLogin">
<Set>
<Headers>
<Header name="Content-Type">application/x-www-form-urlencoded</Header>
</Headers>
<Verb>POST</Verb>
<FormParams>
<FormParam name="username">{server_username}</FormParam>
<FormParam name="password">{server_password}</FormParam>
</FormParams>
</Set>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</Request>
<Response>calloutResponseGetAuthPass</Response>
<HTTPTargetConnection>
<Properties/>
<URL>{authentication_server_url}</URL>
</HTTPTargetConnection>
Then I could just extract the token and pass it to Apigee
<JSONPayload>
<Variable name="authpass">
<JSONPath>$.</JSONPath>
</Variable>
</JSONPayload>
<Source clearPayload="false">calloutResponseGetAuthPass</Source>
Then you could just call the verification endpoint with the extracted token (I assume this would be another service callout)

Related

IBM Mobilefirst: Issue in calling a service from adapter with basic auth

I have a service call thats being called from my adapter and that particular service call is being protected by Basic auth. So I am adding the following code in adapter XML to help all the service calls from this adapter to do the Basic Auth validation.
<wl:adapter name="adapter" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wl="http://www.ibm.com/mfp/integration" xmlns:http="http://www.ibm.com/mfp/integration/http">
<displayName>adapter</displayName>
<description>adapter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>http</protocol>
<domain>myweb.com</domain>
<!-- <port>443</port> -->
<connectionTimeoutInMilliseconds>30000</connectionTimeoutInMilliseconds>
<socketTimeoutInMilliseconds>30000</socketTimeoutInMilliseconds>
<authentication>
<basic />
<serverIdentity>
<username>123-123-123-123</username>
<password>12334445!</password>
</serverIdentity>
</authentication>
<maxConcurrentConnectionsPerNode>50</maxConcurrentConnectionsPerNode>
<!-- Following properties used by adapter's key manager for choosing specific
certificate from key store <sslCertificateAlias></sslCertificateAlias> <sslCertificatePassword></sslCertificatePassword> -->
</connectionPolicy>
</connectivity>
<procedure name="procedure1" securityTest="wl_unprotected"
connectAs="server" />
<procedure name="procedure2" securityTest="wl_unprotected"
connectAs="server" />
</wl:adapter>
When i trying hitting service by using the above xml it gives me Invalid Authorization. But when i added it manually to the header of my service call in the js code it gets through as below.
headers: {Authorization: "Basic MTIzLTEyMy0xMjMtMTIzOjEyMzQ1NiE="}
can some body help me in understanding what could be the issue. Will there be some issue if i keep special characters in the XML. How do i make it work.
Thankyou.
An adapter request with the Authorization header will be sent only if the destination service returns 401 or 403 first. If you are able to change the response code of that service, this may be a solution for you. Otherwise, continue with adding the Authorization header as you do, which as you say seems to work.

How to bridge from a webhook URL to a HTTP POST request?

I want to make a HTTP POST request to Twilio but the calling service only allows me to enter a webhook URL.
I was trying to bridge this with apigee's API proxy but I could not figure out how to make it work.
The flow is like this:
A chat bot on motion.ai calls a web hook URL at a certain point.
The call should make an outbound call via twilio.com which requires a HTTP POST request, see here.
The POST request looks like this:
$ curl -XPOST https://api.twilio.com/2010-04-01/Accounts/<...>/Calls.json \
--data-urlencode "Url=http://demo.twilio.com/docs/voice.xml" \
--data-urlencode "To=<...>" \
--data-urlencode "From=<...>" \
-u '<...>:<...>'
What is the easiest way to bridge this?
I managed to setup an API proxy with Apigee to convert the HTTP GET request to a HTTP POST request.
Create a API proxy in Apigee and add a Basic Authentication policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="request.queryparam.username"/>
<Password ref="request.queryparam.password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
<Source>request.header.Authorization</Source>
</BasicAuthentication>
Next add a Assign Message policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1">
<DisplayName>ConvertQueryToFormParameters</DisplayName>
<Properties/>
<Copy source="request">
<Headers/>
<QueryParams/>
<FormParams/>
<Payload/>
<Verb/>
<StatusCode/>
<ReasonPhrase/>
<Path/>
</Copy>
<Add/>
<Set>
<FormParams>
<FormParam name="To">{request.queryparam.To}</FormParam>
<FormParam name="From">{request.queryparam.From}</FormParam>
<FormParam name="Url">{request.queryparam.Url}</FormParam>
</FormParams>
<Verb>POST</Verb>
</Set>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>
Then you can make a POST request to Twilio by simply calling
https://<yourApigeeApiUrl>.apigee.net/<yourApiName>?username=<yourTwilioApiUsername>&password=<yourTwilioApiPassword>&...

How to get the OAuth2 access token using Post method

Im trying to configure oauth2 with spring security, i took an example from
https://github.com/neel4software/SpringSecurityOAuth2
now my problem is i need to get an oauth2 access token using a post method instead of get, below is how the token end point is configured in spring security xml
this is the GET method URL end point that is working
http://localhost:8080/SpringRestSecurityOauth/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=beingjavaguys&password=spring#java
and this is how the end point configuration done in spring security xml
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request
parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
in order to access it using a POST method i have tried to access below end point using
http://localhost:8080/SpringRestSecurityOauth/oauth/token
with the given parameters as a payload in rest client(i have also tried to give these parameters as header parameters)
grant_type: password
client_id: restapp
client_secret: restapp
username: beingjavaguys
password: spring#java
but each time i tried to access it using rest client it allways prompt me for a username and password which i don't know. i gave username as "beingjavaguys" and password as "spring#java" which didn't work. im using Oauth2 in first time
To generate a oauth 2.0 token with password grant_type, below is the process
credential = base64Encode(clientId:secret)
value of credential is cmVzdGFwcDpyZXN0YXBw
now here is how your request should look like,
POST /SpringRestSecurityOauth/oauth/token
HOST: localhost:8080
Authorization: Basic cmVzdGFwcDpyZXN0YXBw
Content-Type: application/x-www-form-urlencoded
Payload:
grant_type=password&username=beingjavaguys&password=spring%40java

SMS Gateway for SMS Notifications with Worklight using HTTP POST?

I'm using IBM Worklight Studio V6.2.0.0 and I would like to use Worklight SMS Notification messages with Skebby SMS Broker. I configured the SMSConfig.xml file as well for the Broker according to Worklight documentation and Skebby documentation API :
<sms:config xmlns:sms="http://www.worklight.com/sms/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<gateway id="skebby" hostname="gateway.skebby.it" port="80"
programName="api/send/smseasy/advanced/http.php" toParamName="recipients[]" textParamName="text">
<parameter encode="true" name="method" value="send_sms_classic"/>
<parameter encode="true" name="username" value="foo"/>
<parameter encode="true" name="password" value="foo"/>
<parameter encode="true" name="sender_string" value="Foo"/>
</gateway>
</sms:config>
From WebSphere Console output, I don't see any error but analyzing HTTP traffic, I see an error since the request is made by HTTP GET and this method but only POST is allowed.
How can I "force" HTTP POST instead of GET?
Then I tried to use HTTPS using port 443 with no luck getting a ClientProtocolException, is it possible to use HTTPS?
Then I've figured out that the value recipients[] of the toParamName key is urlencoded recipients%5B%5D=, how to avoid also this?
Thanks
Currently, the SMS support in Worklight supports only HTTP and only GET calls.
You can submit a feature request to be evaluated by Worklight product designers for future releases.
See here: http://www.ibm.com/developerworks/rfe/

Submitting WCF-generated XML through SoapUI

I have a WCF service that I'm testing with SoapUI. I'm using a VS-generated proxy class on the client, and I'm using an IClientMessageInspector class to intercept the XML just before the request and save it. Later on, I paste this XML into SoapUI to replay the transaction.
However, when submitting the XML with SoapUI, I get the following response: HTTP/1.1 400 Bad Request
I found that if I remove the contents of the <Header> tag by setting it to empty, then the call succeeds. But I don't know why.
Here is how the Header tag is generated by the client proxy:
<s:Header />
<Action xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none" s:mustUnderstand="1">http://app.company.com/IApp/Foo</Action>
</s:Header>
Here is what I change it to in order for it to work:
<s:Header />