We have already discussed on implementing custom grant types for OAuth2 in this blog post. Today, we are going to implement a Mutual SSL (X.509 certificate) based grant type for WSO2IS/APIM Following must be noted. Mutual SSL is handled at transport level. OAuth2 Grant handler has no any idea on the mutual SSL. Once mutual SSL […]
Category: SSL
With latest browsers (Firefox v39.0, Chrome v45.0) you would probably be hit by following issue due to use of weak DHE ciphers for SSL communication in the WSO2 products. To resolve this issue, you have following three options. Option 1. You need to disable the all DHE cipher which is used. So; you can configure […]
WSO2 API Manager is using OAuth2 for securing the APIs which are exposed by it. Currently API Manager implementation is tightly bound with the OAuth2. However, there is some way in APIM that we can write our own authentication mechanism for APIs instead of using OAuth2. But it is normally not recommended as some other functions such […]
This is my second blog post about enabling mutual SSL for ESB proxy services. In my previous blog post, we enabled mutual SSL for all deployed proxy services. But in this blog post, we are going to enable mutual SSL for only selected proxy services. Let assume we have proxy service call “TestProxy” and also there are many […]
Lets see how we can enable mutual SSL (two-way SSL) for all the proxy services that are deployed in WSO2 ESB Configuring Mutual SSL in ESB Step 1 : Enable mutual SSL for transport receiver of the WSO2 ESB WSO2 ESB uses Pass through transport (or NIO ) for sending and receiving messages. You can […]