Showing posts from 2015

Reverse Proxy configuration with WSO2 Identity Server 5.0.0

A reverse proxy is a type of proxy that can hide back-end servers from client applications. According to the above figure, the original servers are not exposed to the internet; only the reverse proxy is exposed to the internet. The client knows only the reverse proxy's IP address, so it thinks that it is sending a request to the reverse proxy. It doesn't know anything about the original server. You can avoid some attacks using this architecture.

Today I'm going to configure Apache HTTPD server (reverse proxy) and WSO2 Identity Server 5.0.

Please download WSO2 Identity Server 5.0 from here

You can install Apache HTTPD server using the commands below:

    sudo apt-get update
    sudo apt-get install apache2

Restart the newly installed Apache server:

    sudo service apache2 restart

Apache is a modular server. This implies that only the most basic functionality is included in the core server, so you have to enable a few other required features. Please use below command

Mutual SSL Authenticator with WSO2 Identity Server 5.0

Mutual Authenticator

SSL authentication :- 1-way SSL authentication
Mutual SSL authentication :- 2-way SSL authentication

Mutual SSL authentication refers to two parties authenticating each other. This is a certificate-based authentication process, and each party should provide its digital certificate for authentication.

Steps in mutual authentication

1. A client requests access to a protected resource.
2. The server presents its certificate to the client.
3. The client verifies the server's certificate.
4. If successful, the client sends its certificate to the server.
5. The server verifies the client's credentials.
6. If successful, the server grants access to the protected resource requested by the client.

I'm giving you the steps to test mutual SSL authentication with WSO2 IS and SoapUI.

Step 1 :- You have to download WSO2 Identity Server 5.0 from here and apply the service pack following the instructions given in the readme file in the service pack.

Step 2 :- You have to uncomment below l

OAuthAdminService in WSO2 Identity Server 5.0

Admin Services

WSO2 Identity Server exposes SOAP-based services for management purposes. Those are known as admin services. You can list all the admin services in the following way.

Step 1. Start the server with -DosgiConsole. For Linux and Windows respectively:

    > sh wso2server.sh -DosgiConsole
    > wso2server.bat -DosgiConsole

Step 2. When the server has started, type listAdminServices:

    osgi> listAdminServices

OAuthAdminService

There is a SOAP-based admin service called "OAuthAdminService" that exposes methods to retrieve the authorized apps for a given user and revoke them when the user requires it.

Example use case :- List all the OAuth applications a user has approved and revoke each of them if required for a particular user.

Note :- You have to change the HideAdminServiceWSDLs property in the carbon.xml file before you access admin services in Carbon products. The default value is true. <HideAdminServiceWSDLs> false </HideAdmin