APIGW : Access to external service through proxy is not working
search cancel

APIGW : Access to external service through proxy is not working

book

Article ID: 115734

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction



The issue is that the users are trying to invoke a service which is out of our data center. 
We reach this service connecting to internet .
To connect with the internet we go through a proxy.  

In previous environments, this proxy was not secured by user/passwd but in PROD it is. 

Here is the problem: 
- in http(s) route assertion we have included a proxy configuration with user and passwd configured 
- in passwd we use the suggestion (secpass.XXXX.plaintext) and the passwd is gathered in a passwd store 
- When we execute the service from API GW an error raises saying that no credential is passed to proxy 
- If we execute the same without API GW (same user/passwd used before) it works fine and proxy receives credentials properly 

The error that raises when api gw used is: 
< HTTP/1.1 407 Proxy Authentication Required 
< Server: Apache-Coyote/1.1 
< Proxy-Authenticate: BASIC realm="ldap_edomus_prod" 
< Cache-Control: no-cache 
< Pragma: no-cache 
< Proxy-Connection: close 
< Set-Cookie: BCSI-CS-948F64D3C57772BB=2; Path=/intranet/api/resta/ApiNiji/v1/partner/api/v2; Domain=xx.xx.xx.xx
< Content-Type: text/html;charset=utf-8 
< Content-Length: 813 
< Date: Thu, 20 Sep 2018 16:30:40 GMT 

<HTML><HEAD> 
<TITLE>Access Denied</TITLE> 
</HEAD> 
<BODY> 
<FONT face="Helvetica"> 
<big><strong></strong></big><BR> 
</FONT> 
<blockquote> 
<TABLE border=0 cellPadding=1 width="80%"> 
<TR><TD> 
<FONT face="Helvetica"> 
<big>Access Denied (authentication_failed)</big> 
<BR> 
<BR> 
</FONT> 
</TD></TR> 
<TR><TD> 
<FONT face="Helvetica"> 
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified. 
</FONT> 
</TD></TR> 
<TR><TD> 
<FONT face="Helvetica"> 
This is typically caused by an incorrect username and/or password, but could also be caused by network problems. 
</FONT> 
</TD></TR> 
<TR><TD> 
<FONT face="Helvetica" SIZE=2> 
<BR> 
For assistance, contact your network support team. 
</FONT> 
</TD></TR> 
</TABLE> 
</blockquote> 
</FONT> 
</BODY></HTML> 

Environment

ENV: 9.2 CR08

Resolution

It seems like the problem is in passing the password as secpass.XXX.plaintext
To resolve this problem, please change the label to a lower case  so insteasd of this ${secpass.OurUser.plaintext}, change this to 
${secpass.ouruser.plaintext}.  Please also make the same change in Proxy password (in routing assertion). 
Powered by Wolken Software