The purpose of this document is to guide users through the process of exporting the configuration of an XML firewall as a Gateway extension. This exported artifact can then be deployed in other environments, ensuring consistency and facilitating easier management of firewall configurations across different settings.
In continuation with the blog :
https://community.ibm.com/community/user/integration/blogs/aparna-reddy/2024/05/17/configuring-the-xml-firewall-in-datapower-to-sign
for ‘XML digital signature verification’, below are the detailed steps on ‘How to create an Extension’ which is used to deploy in the API Connect.
Follow the below steps after the successful creation of ‘XML Firewall’ using sign_verify_rules.
1. After successful creation of ‘XML Firewall’ config in the ‘XML digital signature verification’ blog, export the config from the DataPower and download. It is not limited to only the current mentioned configuration, any object configuration can be exported from the DataPower and follow the steps to create and deploy an Extension.
[FYI: Export can be done from Datapower with the below highlighted option]
2. Unzip the downloaded ‘XML Firewall’ configuration file and you can see the below folder’s/files inside the zip file.
NOTE: Since the cert folder and its keys/certificates from the file management cannot be exported, we need to add the cert folder and keys/certificates explicitly as shown below:
3. Create a folder with name cert and add the respective keys/certificates used while creating the ‘XML Firewall policy’ object.
Also, the cert folder path and the certificate can be verified from the ‘export.xml’ file as shown below:
4. Now, the folder structure should be like as shown below and then the folder ‘Verify-Action’ must be compressed to a .zip file.
5. Again, create a new folder, which is a gateway extension and add the ‘Verify-Action’ .zip file in the new folder ‘extension-verify’.
6. Now, create a manifest.json file which is a JSON file that lists the extensions.zip files to be applied and when they are to be deployed.
Refer the link below for the details:
https://www.ibm.com/docs/en/api-connect/10.0.x?topic=gateway-extensions-manifest.
7. The manifest.json file contains properties and files section as shown in the below format:
8. The manifest.json file must be at the root level of the extensions.zip file, along with the gateway extension files (‘Verify-Action’ .zip ) specified in the manifest.
9. Now, the extension .zip file- ‘extension-verify’ which has both manifest.json and the actual exported config from DP must be compressed to a zip file.
10. This is the actual Extension file which is used to deploy in the API Manager.
