Proxy authorization required error in WSO2 API Manager

0
votes

I'm using WSO2 API Manager 2.0 and have configured it to use a proxy by adding the following configuration to the axis2.xml and synapse.xml. However, when I try to access the test API I've made, I get the errors "Proxy Authorization required" or "Server Hangup". When I tried to see the requests made over the wire, I saw that there were two requests going - A GET request (which receives the Server Hangup error) that has the Proxy Authentication header, and a CONNECT request (which receives the Proxy Authorization required error) that doesn't. Why is this happening and how can I make the header appear in every request?

axis2.xml: 

<transportSender name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpSender">
    <parameter name="non-blocking" locked="false">true</parameter>
    <parameter name="http.proxyHost" locked="false">10.1.0.236</parameter>
    <parameter name="http.proxyPort" locked="false">80</parameter>
</transportSender>

<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    <parameter name="non-blocking" locked="false">true</parameter>
    <parameter name="http.proxyHost" locked="false">10.1.0.236</parameter>
    <parameter name="http.proxyPort" locked="false">80</parameter>
    <parameter name="keystore" locked="false">
        <KeyStore>
            <Location>repository/resources/security/wso2carbon.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>
    </parameter>
    <parameter name="truststore" locked="false">
        <TrustStore>
            <Location>repository/resources/security/client-truststore.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
        </TrustStore>
    </parameter>
    <parameter name="HostnameVerifier">AllowAll</parameter>
        <!--supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
</transportSender>

synapse.xml:

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <sequence xmlns="http://ws.apache.org/ns/synapse" name="WSO2AM--Ext--In">
        <property name="Proxy-Authorization" expression="fn:concat('Basic ', base64Encode('smsapp:let$c0nnect'))" scope="transport"/>
        <property name="POST_TO_URI" value="true" scope="axis2"/>
        <property name="DISABLE_CHUNKING" value="true" scope="axis2"/>
        <log level="custom">
            <property name="TRACE" value="Global Mediation Extension2"/>
        </log>
    </sequence>
<!-- You can add any flat sequences, endpoints, etc.. to this synapse.xml file if you do
*not* want to keep the artifacts in several files -->
</definitions>

Requests and their responses:
GET

GET https://apiurl.com/api/apiname HTTP/1.1\r\n
    [Expert Info (Chat/Sequence): GET https://apiurl.com/api/apiname HTTP/1.1\r\n]
        [GET https://apiurl.com/api/apiname HTTP/1.1\r\n]
        [Severity level: Chat]
        [Group: Sequence]
    Request Method: GET
    Request URI: https://apiurl.com/api/apiname
    Request Version: HTTP/1.1
Proxy-Authorization: Basic XXXXXXXXXXXXXXXX\r\n
    Credentials: username:pwd


Hypertext Transfer Protocol
HTTP/1.1 502 Server Hangup\r\n
    [Expert Info (Chat/Sequence): HTTP/1.1 502 Server Hangup\r\n]
        [HTTP/1.1 502 Server Hangup\r\n]
        [Severity level: Chat]
        [Group: Sequence]
    Request Version: HTTP/1.1
    Status Code: 502
    Response Phrase: Server Hangup
Date: Thu, 08 Dec 2016 12:12:20 GMT\r\n
Connection: close\r\n
Via: HTTPS/1.1 localhost.localdomain\r\n
Cache-Control: no-store\r\n
Content-Type: text/html\r\n
Content-Language: en\r\n
Content-Length: 666\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.235017000 seconds]
[Request in frame: 456]
File Data: 666 bytes

CONNECT

Hypertext Transfer Protocol
    CONNECT apiurl.com:443 HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): CONNECT apiurl.com:443 HTTP/1.1\r\n]
            [CONNECT apiurl.com:443 HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: CONNECT
        Request URI: apiurl.com:443
        Request Version: HTTP/1.1
    Host: apiurl.com:443\r\n
    Proxy-Connection: Keep-Alive\r\n
    \r\n
    [Full request URI: apiurl.com:443]
    [HTTP request 1/2]
    [Response in frame: 595]
    [Next request in frame: 880]


Hypertext Transfer Protocol
    HTTP/1.1 407 Proxy Authorization Required\r\n
        [Expert Info (Chat/Sequence): HTTP/1.1 407 Proxy Authorization Required\r\n]
            [HTTP/1.1 407 Proxy Authorization Required\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.1
        Status Code: 407
        Response Phrase: Proxy Authorization Required
    Date: Thu, 08 Dec 2016 12:12:22 GMT\r\n
    Proxy-Connection: keep-alive\r\n
    Via: 1.1 localhost.localdomain\r\n
    Cache-Control: no-store\r\n
    Content-Type: text/html\r\n
    Content-Language: en\r\n
    Proxy-Authenticate: Basic realm="Websense Content Gateway"\r\n
    Content-Length: 666\r\n
    \r\n
    [HTTP response 1/2]
    [Time since request: 0.002752000 seconds]
    [Request in frame: 589]
    [Next request in frame: 880]
    [Next response in frame: 894]
    File Data: 666 bytes
1
proxywso2wso2-am

1 Answers

0
votes

Here's a solution that worked for me (I use ESB 5.0.0, not API Manager).

In my case I had to add proxyProfiles to my HTTP and HTTPS sender in axis2. So I had to:

  1. Delete proxy parameters in http and https sender:

    <parameter name="http.proxyHost" locked="false">some_host</parameter>
<parameter name="http.proxyPort" locked="false">some_port</parameter>

  2. Add parameter ProxyProfiles (in both http and https sender)

    <parameter name="proxyProfiles">
      <profile>
          <targetHosts>*</targetHosts>
          <proxyHost>some_host</proxyHost>
          <proxyPort>some_port</proxyPort>
          <proxyUserName>some_username</proxyUserName>
          <proxyPassword>some_password</proxyPassword>
      </profile>
</parameter>

  3. In my .xml API I deleted the Proxy-Authorization and POST_TO_URI.

more details: Working with Proxy Servers (wso2.com)

edit: after few more tests seems that HTTP needs Proxy-Authorization and POST_TO_URI parameters in API, but HTTPS instead of them needs proxyProfiles as I mentioned before. Without this it's impossible to call HTTPS service.