IBM webMethods Hybrid Integration


webMethods.io API - Identify & Authorize Application using SSL Certificate

  • 1.  webMethods.io API - Identify & Authorize Application using SSL Certificate

    Posted Wed June 24, 2020 02:48 AM

    Dear All,

    We have a requirement to identify the client Application using an SSL Certificate.

    The REST API is created, “Identify & Authorize Application” is configured as follows:

    • Condition: OR

    • Allow anonymous: false

    • Identification Type: API Key
    • Application Lookup Condition: Registered applications

    • Identification Type: SSL Certificate
    • Application Lookup Condition: Registered applications

    The REST API is consumed using an Application, and below are the Application properties:
    • Identifiers: Client certificates (attached the client certificate (.cer format))
    • API access key

    I generated a key pair using Java keytool, exported the public certificate, and used that certificate to test this feature.

    {"Exception":"API Gateway encountered an error. Error Message: Unauthorized application request. Request Details: Service - CruiseOperations, Operation - /<operation_name>, User - Default and Application:sys:defaultApplication"}

    Here the exception is indicating that application identification is not happening properly.

    I see a similar post, but it talks about 2-way SSL, whereas in my use case I just want to identify the application using the x509 certificate passed as part of the request.

    I am using Postman to hit the HTTPS endpoint, and below are the logs from Postman:

    GET https://ctscloud.gateway.webmethodscloud.com/gateway/CruiseOperations/1.0/cruises

    Client Certificate
      cert: {…}
        src: "C:\Users\Documents\temp\auth-service-pub-cert.crt"
      id: "68ca3bdd-6987-4eef-bd09-829b65ffa52c"
      key: {…}
        src: ""
      matches: [1]
        0: {…}
          pattern: "https://ctscloud.gateway.webmethodscloud.com/*"
      passphrase: ""
      pfx: {…}
        src: ""
    Network
      addresses: {…}
      tls: {…}
    Request Headers
      x-app-name: CruiseOperation
      User-Agent: PostmanRuntime/7.26.1
      Accept: */*
      Cache-Control: no-cache
      Postman-Token: 725cfaea-9b8b-4648-a0d9-b63bd1707b16
      Host: ctscloud.gateway.webmethodscloud.com
      Accept-Encoding: gzip, deflate, br
      Connection: keep-alive
    Response Headers
      Server: APICLOUD
      Date: Wed, 24 Jun 2020 06:41:04 GMT
      Content-Type: application/json
      Content-Length: 230
      Connection: keep-alive
      WWW-Authenticate: APIKey Realm = 'APIGateway',Transport mode='tls-client-certificate'
      Content-Encoding: gzip
    Response Body
      {"Exception":"API Gateway encountered an error. Error Message: Unauthorized application request. Request Details: Service - CruiseOperations, Operation - /cruises, Invocation Time:6:41:04 AM, Date:Jun 24, 2020, Client IP - , User - Default and Application:sys:defaultApplication"}


    #API-Gateway
    #API-Management
    #webMethods
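
Added example, not part of the original posts: the first post exports only the public certificate, and its Postman log shows an empty `key` source, while a TLS client can present a certificate in the handshake only if it also holds the matching private key. The sketch below checks that pairing before calling an endpoint. It assumes openssl and curl rather than keytool and Postman; the file names, the CN and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a client certificate has a matching private key
# before relying on it for TLS client-certificate identification.

# Create a throwaway self-signed certificate and key (constructed sample data).
make_client_identity() {    # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example-client" \
    -keyout "$1/client.key" -out "$1/client.crt" >/dev/null 2>&1
}

# SHA-256 of the public key embedded in a certificate.
cert_pubkey_hash() {        # $1 = certificate (PEM)
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key.
key_pubkey_hash() {         # $1 = private key (PEM)
  openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the key file exists, is non-empty and matches the cert.
identity_is_usable() {      # $1 = certificate, $2 = private key
  [ -s "$1" ] && [ -n "$2" ] && [ -s "$2" ] || return 1
  [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Call an endpoint, presenting the certificate in the TLS handshake.
# Returns 2 without touching the network if no usable key is configured.
call_with_client_cert() {   # $1 = URL, $2 = certificate, $3 = private key
  identity_is_usable "$2" "$3" || {
    echo "no usable private key for $2; certificate cannot be presented" >&2
    return 2
  }
  curl --silent --show-error --cert "$2" --key "$3" "$1"
}
```

The certificate registered on the gateway Application would be the same `client.crt` that the client presents together with its key.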


  • 2.  RE: webMethods.io API - Identify & Authorize Application using SSL Certificate

    Posted Mon June 29, 2020 04:23 PM

    Would you mind confirming that the outbound routing (under policies) is set to authorized user in the back-end?


    #API-Management
    #API-Gateway
    #webMethods