Download



Axway API Gateway 7.5.1 SP 1 Readme

Document version: 5 August 2016


Readme for 7.5.1 SP 1

This Readme applies to Axway API Gateway 7.5.1 SP 1, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the product.

The main aim of this service pack is to provide fixes for a number of reported defects. This service pack contains updates for:

The service pack contains new binaries only and does not overwrite the existing configuration.

File packages: An installation archive is provided for all platforms (for example, APIGateway_7.5.1_SP1_Core_win-x86-32_BNYYYYMMDDn.zip for Windows).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Corrections and enhancements

This service pack provides the following corrections and enhancements.

Internal ID Case ID Description
RDAPI-898 00838339 Issue: Delay in outgoing requests from API Gateway while under load.

Resolution: Previously, the transaction access logging was doing a reverse DNS lookup with the source IP address to obtain the source host name required to print %h.

Now, the transaction access logging uses the message attributes to retrieve the source host name required to print %h macro.

RDAPI-3698 Issue: Sysupgrade --clean broken on Windows.

Resolution: Previously, after upgrading API Gateway on Windows, running sysupgrade.bat clean threw an error.

Now, sysupgrade.bat clean runs without errors.

RDAPI-3829 00825167

Issue: Valid JSON Path incorrectly returns no matches.
Resolution: Previously, the JSON Path filter was unable to handle certain filter expressions due to limitations in the underlying 3rd party JSON path library.

Now, the JSON Path filter handles these filter expressions. The underlying 3rd party library has been updated to fix the problem.

Before installing the service pack, you must remove the old JSON path file ($VDISTDIR/system/lib/modules/json-path-1.2.0.jar). Installing the service pack installs a JSON path file (json-path-2.2.0.jar) in the same directory.

In addition, Policy Studio uses the JSON path file to validate path expressions. Before installing the service pack, you must also remove the file from Policy Studio (policystudio/plugins/com.vordel.rcp.filterbase_7.5.1._DATE/lib/json-path-1.2.0.jar). Installing the service pack installs a JSON path file (json-path-2.2.0.jar) in the same directory.

RDAPI-3879 00843196 00840339 Issue: The Admin User Rest API documentation is empty.

Resolution: Previously, the Admin User Rest API documentation was missing.

Now, the Admin User Rest API documentation has been regenerated. It is available at https://support.axway.com/htmldoc/1433379.

RDAPI-3884 751232

Issue: Unable to configure SSL options for outgoing connections.

Resolution: Previously, you could not configure SSL/TLS protocols for outbound connections in the Connect To URL filter in API Gateway.

Now, you can configure default SSL/TLS protocols for outbound connections in the Connect To URL filter using the system/conf/ssloptions.xml settings file.

<ConfigurationFragment> 
    <SystemSettings> 
        <!-- SSL options for outgoing connections --> 
... 
        <!-- Do not use the TLSv1.1 protocol --> 
        <!-- <attribute key="ssloptions">notlsv1_1</attribute> --> 

        <!-- Do not use the TLSv1.2 protocol --> 
        <!-- <attribute key="ssloptions">notlsv1_2</attribute> --> 
    </SystemSettings> 
</ConfigurationFragment> 
RDAPI-3978 00846257 00842837

Issue: When a JSON Path expression is not matched, neither the failure path nor the fault handler is invoked.
Resolution: Previously, when a JSON Path expression you had configured in Policy Studio was not matched in a JSON document, neither the failure path nor the fault handler was invoked.

Now, when there is no match, the JSON Path filter executes a failure path or fault handler.

RDAPI-4220 00844652

Issue: SAML2 Authentication Assertion fails with a null pointer exception.
Resolution: Previously, setting a null value in an assertion resulted in a null pointer exception error.

Now, a null value produces an assertion with the following value:

<saml:Attribute Name="attrib1" NameFormat="">

<saml:AttributeValue *xsi:nil="true"*/>

<saml:AttributeValue>value1</saml:AttributeValue>

RDAPI-4255 00845501

Issue: Cannot run nodetool due to missing JRE.
Resolution: Previously in API Gateway v7.5.1, after installing Cassandra, it was not possible to run Cassandra tools (such as nodetool in the INSTALL_DIR/cassandra/bin directory) because JAVA_HOME was not set in the cassandra/bin/cassandra.in.sh and cassandra/bin/cassandra.in.bat files.

Now, setting JAVA_HOME has been included in the service pack installation instructions, so after installation the Cassandra tools work as expected.

RDAPI-4485 00839882

Issue: SSL protocols from ssloptions.xml are not always enforced with Remote Host in API Gateway
Resolution: Previously, the Connect to URL filter with Remote Host settings did not always enforce the SSL protocols configured in system/conf/ssloptions.xml.

Now, the Connect to URL filter always uses the SSL protocols configured in system/conf/ssloptions.xml.

Known issues

The following issues are known and scheduled for correction in a future release.

Internal ID Case ID Description
RDAPI-4545 00847780 Path parameter data type cannot be changed (the default type is string).
RDAPI-3953 00838718 API Gateway hangs for 12 seconds when processing a policy.

Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to the prerequisites specified for the main product release:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
  3. Remove any old third-party libraries. To do this, delete the INSTALL_DIR/system/lib/modules directory.
  4. Remove the old JSON path file from Policy Studio (policystudio/plugins/com.vordel.rcp.filterbase_7.5.1._DATE/lib/json-path-<version>.jar).
  5. If you have an existing Cassandra installation, ensure JAVA_HOME is set correctly in cassandra.in.sh and cassandra.in.bat to ensure Cassandra tools are launched successfully.
  6. If you have installed API Gateway on the same host as Cassandra, and you want to use the JRE installed with API Gateway, the default locations are:

FIPS mode only

If FIPS mode is enabled, you must perform the following steps:

  1. Run togglefips --disable to turn FIPS mode off.
  2. Start the nodemanager to move the JARs.
  3. Stop the nodemanager.
  4. Install API Gateway 7.5.1 SP 1.
  5. Start the nodemanager.
  6. Stop the nodemanager.
  7. Run togglefips --enable to turn FIPS on again.
  8. Start the nodemanager.

Installation

This section describes how to install the service pack on an existing installation of API Gateway.

Note

Install the API Gateway Core Server service pack

To install the service pack on your existing API Gateway 7.5.1 Core Server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.5.1 SP 1 Core over the apigateway directory in your existing installation directory. For example:
  4. tar -xzvf APIGateway_7.5.1_SP1_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.1/apigateway/
API Gateway Appliance only
  1. In addition, before starting the Node Manager or API Gateway, you must run the following command:
  2. # [ -f /etc/vordel/ssl-engines.xml ] && mv /etc/vordel/ssl-engines.xml /etc/vordel/ssl-engines.xml.1

  3. Run the following:
  4. # chown -R admin:admin /opt/gateway/

    # grep "java.library.path" /opt/gateway/system/conf/jvm.xml || sed -i.bak -e '/<JVMSettings/a\\n <!-- Set to allow correct library load after setting CAP_NET_BIND_SERVICE on vshell -->\n <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>' /opt/gateway/system/conf/jvm.xml

    # setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' /opt/gateway/platform/bin/vshell

    # ldconfig

Note

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.5.1 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib directory (or the ext/lib directory in an API Gateway Analytics instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Unzip and extract API Gateway 7.5.1 SP 1 Analytics over the analytics directory within your existing API Gateway 7.5.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.5.1_SP1_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.1/analytics/

Note

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract API Gateway 7.5.1 SP 1 Policy Studio over the policystudio directory within your existing API Gateway 7.5.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.5.1_SP1_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.1/policystudio/

Note

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract API Gateway 7.5.1 SP 1 Configuration Studio over the configurationstudio directory within your existing API Gateway 7.5.1 installation directory. For example:
  4. tar -xzvf APIGateway_7.5.1_SP1_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.1/configurationstudio/

Note

After installation

Note

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file.
  2. <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:
    $VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:
    $VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:
    $VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>

  1. Run the command setcap 'cap_net_bind_service=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

Documentation

Go to Axway Sphere at https://support.axway.com to find all documentation for this product version.

For information about how API Gateway is used in Axway 5 Suite, refer to:

All Axway documentation is available from Axway Sphere at https://support.axway.com.


Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Sphere at https://support.axway.com.


Copyright © 2016 Axway. All rights reserved