Configuration Provisioning

Microgateway 10.7 | webMethods Microgateway Help | Asset and Configuration Provisioning | Configuration Provisioning

The Administration configuration for Microgateway is provisioned in one of the following ways:

From the default settings file, system-settings.yml, which is used for starting a Microgateway server.

From the user-defined custom settings YAML file, which is used when you want to include some custom settings that needs to override the default settings. The user-defined custom settings YAML file is passed as an argument using the -c option during Microgateway startup.

Note:
From release 10.4, the administration configuration settings are no longer picked up from input archive files.

Default settings file: system-settings.yml

When you start Microgateway server the default settings are read from the system configuration file, which is under config/system-settings.yml and contains the following entries:

faults: contains variables for error handling during runtime.

extended_settings: various kinds of settings for runtime.

gateway_destination: API Gateway settings for logging into API Gateway.

key_store: Keystore settings for establishing HTTPS connections.

trust_store: Truststore settings for HTTPS handshake for specific policies.

system: internal settings.

To enable the policy enforcement on a Microgateway the following configurations need to be provisioned in Microgateway:

extended

apiFault

elasticsearchDestinationConfig

gatewayDestinationConfig

Note:
The external Elasticsearch configuration is optional, and needs to be specified if you have such an Elasticsearch in your environment. You require an external Elasticsearch if you have the Log Invocation policy enforced where Elasticsearch destination is selected. You have to specify the external Elasticsearch configuration settings in the user-defined custom settings YAML file.

The system settings file should not be modified. Any specific changes required are specified in the custom settings file.

The default configuration file system-settings.yml looks as follows:

---
faults:
default_error_message: "API Gateway encountered an error.
Error Message: $ERROR_MESSAGE. Request Details: Service - $SERVICE,
Operation - $OPERATION, Invocation Time:$TIME, Date:$DATE,
Client IP - $CLIENT_IP, User - $USER and Application:$CONSUMER_APPLICATION"

native_provider_fault: "false"

extended_settings:
defaultEncoding: "UTF-8"
apiKeyHeader: "x-Gateway-APIKey"
apig_MENConfiguration_tickInterval: "60"
events.collectionQueue.size: "10000"
events.collectionPool.minThreads: "1"
events.collectionPool.maxThreads: "8"

gateway_destination:
sendPolicyViolationEvent: "true"

key_store:
type: JKS
provider: SUN
location: config/keystore.jks
password: password

system:
version: "10.4.0.0.303"
---

User-defined Custom settings YAML file

If you have certain custom settings that you want Microgateway to use by overriding the default settings specified in the system-settings.yml file, you can provision these configuration settings from a user-defined custom settings YAML file. You can create the custom settings file as required. If a particular setting value is not present in the custom settings YAML file, then the appropriate value is taken from the default config/system-settings.yml file. The custom settings YAML file contains the configuration values for starting Microgateway and the settings for replacing the system-settings.yml.

The configuration values for starting a Microgateway are as follows in this table.

Configuration values	Settings
ports	Ports configuration section
	http. HTTP port exposed by Microgateway.
	https. HTTP port exposed by Microgateway.
	key_alias. Key alias for exposing the server certificate on the HTTPS port.
api_gateway	API Gateway configuration section
	url. API Gateway URL.
	user. API Gateway user.
	password. API Gateway user password.
	dir. API Gateway installation folder.
	download_settings. Flag to control the download of settings.
api_endpoint	API endpoint section
	base_path. Base path of the APIs exposed by Microgateway.
admin_api	Admin API section
	user. Microgateway user for authenticating requests against the Admin API section.
	password. Microgateway user password.
	admin_path. base path of the Admin API.
	downloads. Asset provisioning section.
	apis. APIs to download from API Gateway.
	applications. Applications to download form API Gateway.
	policies. Global policies to download form API Gateway.
archive	Archive section
	file. Archives to be loaded during startup.
policies	Policy configuration section
	user_auth. Configuring user configuration.
logging	Logging configuration section
	level. Logging level.
	path. File system path for storing log files.
applications_sync	Application synchronization section
	enabled. Flag to enable application synchronization.
	applications_to_sync. Applications to synchronize.
	polling_interval_secs. Polling interval in seconds.
	connection_timeout_secs. Connection time in seconds when synchronizing applications.

A sample user-defined custom settings YAML file looks as follows:

ports:
http: 7000
archive:
file: /tmp/myarchive.zip
fault:
...
extended_settings:
...
gateway_destination:
...
es_destination
protocol: "http"
hostName: "<name of the ElasticSearch host>"
port: "9240"
userName: ""
password: ""
indexName: "gateway_default_analytics"

metricsPublishInterval: "60"
sendErrorEvent: "false"
sendLifecycleEvent: "false"
sendPerformanceMetrics: "false"
sendPolicyViolationEvent: "true"

sendAuditlogPackageManagementEvent: "false"
sendAuditlogPlanManagementEvent: "false"
sendAuditlogApplicationManagementEvent: "false"
sendAuditlogAliasManagementEvent: "false"
sendAuditlogRuntimeDataManagementEvent: "false"
sendAuditlogPolicyManagementEvent: "false"
sendAuditlogApprovalManagementEvent: "false"
sendAuditlogUserManagementEvent: "false"
sendAuditlogAdministrationEvent: "false"
sendAuditlogGroupManagementEvent: "false"
sendAuditlogAccessProfileManagementEvent: "false"
sendAuditlogAPIManagementEvent: "false"
sendAuditlogPromotionManagementEvent: "false"

Reading Settings from API Gateway

You can read and use the settings from API Gateway during the startup of the Microgateway server, by using the parameter download_settings from the YAML configuration file. The default value of the parameter is false.

# API Gateway configuration
api_gateway:
url: http://hostname:port
user: Administrator
password: password
dir: /opt/softwareag/IntegrationServer/instances/default
download_settings: true | false

You can also specify download_settings as a command line option during Microgateway startup as follows:

-Shortcut, --Name	Default	Description
-ds, --download_settings	false	Download the settings from API Gateway.

Creating Individual Settings Files

You can create a custom configuration file including all the settings. These settings are pulled from a specified API Gateway.

Use the following command to create a settings file:

./microgateway.sh downloadSettings options

where you can use the various command line options detailed in the Command Line Reference.

Example: Use the following command within CLI to create the custom settings YAML file:

./microgateway.sh downloadSettings -gw gateway-url -gwu user
-gwp password [--config config-file] --output filename

If you do not specify any input settings while creating the custom settings YAML file, then the custom settings file created contains all the API Gateway setting entries, such as fault, extended_settings, and so on. The following invocation creates a custom settings YAML file by downloading settings from the API Gateway running on apigateway-host:

./microgateway.sh downloadSettings -gw http://apigateway-host:5555 -gwu Administrator
-gwp password --output config/custom-settings.yml

If you have specified an input settings file, the input settings are merged with the settings downloaded form API Gateway. The following invocation creates a merged settings file, custom-settings.yml:

./microgateway.sh downloadSettings -gw http://apigateway-host:5555 -gwu Administrator
-gwp password --config my-config.yml --output config/custom-config.yml

Security Settings

The security settings can be pulled from API Gateway directly or can be configured in the custom settings YAML file. The security settings pulled directly from API Gateway take precedence over the security settings configured in the custom settings YAML file.

A sample configuration file with the aliases looks as follows:

---
security_settings:
providers:
- !<clientMetadataMapping>
id: "PingFederate"
name: "PingFederate"
type: "clientMetadataMapping"
owner: "Administrator"
providerName: "PingFederate"
implNames:
grant_types: "grantTypes"
logo_uri: "logoUrl"
scope: "restrictedScopes"
client_secret: "secret"
redirect_uris: "redirectUris"
client_name: "name"
client_id: "clientId"
extendedValues: {}
extendedValuesV2:
- endpointType: "CLIENT_REGISTRATION"
key: "restrictScopes"
value: "true"
- endpointType: "CLIENT_UPDATE"
key: "restrictScopes"
value: "true"
- !<clientMetadataMapping>
id: "OKTA"
name: "OKTA"
type: "clientMetadataMapping"
owner: "Administrator"
providerName: "OKTA"
implNames: {}
extendedValues: {}
extendedValuesV2: []
auth_servers:
- !<authServerAlias>
id: "local"
name: "local"
description: "Gateway default authorization server"
type: "authServerAlias"
owner: "Administrator"
localIntrospectionConfig:
issuer: "JWTISSUER"
remoteIntrospectionConfig:
introspectionEndpoint: "http://localhost:5555/invoke/pub.oauth/instrospectToken"
clientId: "introspection-client"
clientSecret: "********************************"
user: "Administrator"
tokenGeneratorConfig:
audience: "SAG"
expiry: 30
algorithm: "RS256"
accessTokenExpInterval: 3600
authCodeExpInterval: 3600
sslConfig:
keyStoreAlias: "DEFAULT_IS_KEYSTORE"
keyAlias: "ssos"
metadata: {}
authServerScopes:
- "Test_LocalOauth"
- "Dev_LocalOauth"
supportedGrantTypes:
- "authorization_code"
- "password"
- "client_credentials"
- "refresh_token"
- "implicit"
oauthTokens: []
---