Axway API Gateway API Manager 7.5.3 SP10 Readme

Document version: 22 February 2019



Readme for 7.5.3 SP10

This Readme applies to Axway API Gateway and API Manager 7.5.3 SP10, for all supported platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for the products.

This service pack provides fixes for a number of reported defects. It includes updates for the following components:

The service pack contains new binaries only and does not overwrite the existing configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.

File packages: An installation archive is provided for all supported platforms (for example, APIGateway_7.5.3_SP10_Core_linux-x86-64_BNYYYYMMDDn.tar.gz).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Fixed issues

Fixed security vulnerabilities

Internal ID Case IDCVE IDDescription
RDAPI-13868 00989768, 00990108, 01014125 Issue: Location header in 303 See Other response displayed absolute URIs to host specified in Host header, which could be modified and cause a security issue.
Resolution: Location header now contains a relative URI by default, according to RFC 7231. To display absolute URIs in the Location header,
set the com.axway.response.redirect.location.relative Java system property to false in INSTALL_DIR/apigateway/system/conf/jvm.xml.
RDAPI-13972 00999435 CVE-2016-4000 Issue: API Gateway used Jython 2.5.2, which included security vulnerabilities.
Resolution: API Gateway has been updated to use Jython 2.7.1.
RDAPI-14497 01009656 Issue: The API Gateway SOAP response to a message with an empty body contained a fault namespace indicating that it was an Axway API Gateway.
Resolution: You can use the -Dcom.axway.soap.faultnamespace system property in jvm.xml to rename this namespace to avoid any potential security issues.
RDAPI-14498 01010245 Issue: Threatening Content filter only scanned the value of the first query string parameter with a specific name, allowing it to be bypassed using multiple parameter values of the same name.
Resolution: Threatening Content filter now scans every query string parameter value regardless of name.
RDAPI-14582 01010153 Issue: When the JWT Verify filter executed in Policy Studio, JWT token payload was visible in plain text logs at INFO trace level, causing a Medium CVSS security risk.
Resolution: JWT token payload is now redacted from tracing at all levels.
RDAPI-14615 01012736 Issue: Input for phone, mobile, email, and description was not properly validated in the API Manager User API.
Resolution: Input validation for phone and mobile fields and improved email validation have been added.
RDAPI-14836 01019411 Issue: Error handling exposed information in API Manager if you issued a PUT request with invalid data in the request body to the advisorybanner API.
Resolution: If you try to update the advisorybanner using invalid data, API Manager now displays the correct error message, and no information is exposed.
RDAPI-14980 01019129 Issue: OAuth authorization code flow did not check that authorization code corresponds to client when generating authorization token.
Resolution: API Gateway checks that authorization code corresponds to client requesting the authorization token and rejects token creation if it does not.
RDAPI-15049 01025419, 01032060 CVE-2015-9251

Issue: API Gateway shipped with jQuery 2.2.4, which was vulnerable to Cross-Site Scripting (XSS) attacks when a cross-domain Ajax request was performed without the dataType option, causing text/javascript responses to be executed.
Resolution: API Gateway has been upgraded to jQuery 3.3.1.

RDAPI-15107 01028183 Issue: API Manager XSS security vulnerability with old versions of Internet Explorer.
Resolution: Code supporting old browsers has been removed because it contained an XSS security vulnerability. Internet Explorer versions 8.0 and 9.0 are no longer officially supported by API Gateway v7.5.x, as stated in the API Gateway Installation Guide.
RDAPI-15318 01032508 Issue: The Java version shipped with API Gateway contained security vulnerabilities.
Resolution: The API Gateway Java version has been upgraded to JRE 1.8.0_202.
For more information, see: https://www.oracle.com/technetwork/java/javase/8u202-relnotes-5209339.html

Other fixed issues

Internal IDCase IDDescription
RDAPI-12357 00949835 Issue: Problems importing Swagger when array contained primitive types like string.
Resolution: Swagger import now allows arrays that contain simple types.
RDAPI-13326 00966372 Issue: Exception could be triggered when signing XML elements for which namespace prefix does not exist.
Resolution: XML exception is no longer triggered when a namespace prefix is not required.
RDAPI-13412 00982276 Issue: Partial and inconsistent validation was performed on the Backend URL field in API Manager. The URL validation was implemented correctly, but HTTPS/certificate validation was not, and invalid field information disappeared on losing focus of the field.
Resolution: Both types of validation are now done in a consistent manner, and both errors have the same look and feel when triggered.
RDAPI-13635 00985086 Issue: WSDL with more than one endpoint per binding (for example, HTTP and HTTPS) only displayed the first endpoint when imported in API Manager.
Resolution: API Manager now displays all the endpoints of each imported WSDL.
RDAPI-13975 00999445 Issue: Links sent to finish API Manager user registration process did not work when special characters like + were used in email address.
Resolution: Email address parameter is now encoded in the URL.
RDAPI-14065 00999714

Issue: In API Manager, importing WSDL from an SSL-protected endpoint with a self-signed certificate failed.
Resolution: WSDL import from an SSL-protected endpoint with a self-signed certificate now succeeds.

RDAPI-14075 00987150 Issue: In API Manager, virtualized API with path that contained trailing unencoded whitespace was not matched by the matching filter.
Resolution: Front-end regex validation and back-end import validation now remove the invalid whitespace and warn the user.
RDAPI-14142 00999170, 01012763, 00998920, 01021762 Issue: API Gateway sometimes showed cardinality violation exceptions in error traces. These indicated that the loaded configuration of some entities was corrupted in-memory, and no new values could be set for them, which could lead to undefined behavior.
Resolution: API Gateway is no longer affected by a race condition accessing and setting the loaded entity store configuration values. API Gateway can now update the entity store configuration values in-memory successfully.
RDAPI-14205 01004743 Issue: When publishing an API on a virtual host in API Manager, the virtual host matching was case sensitive and resulted in an error if a different case was presented.
Resolution: The virtual host matching in API Manager is now case insensitive.
RDAPI-14297 00942267, 01004780 Issue: When changing an organization name, if an application API key was previously loaded in a Try It form, API Manager displayed:
The entity could not be found. Please refresh your session.
Resolution: This issue has been fixed and API Manager no longer displays this error message.
RDAPI-14301 01002805, 01009406 Issue: In API Manager, the update organization API method (PUT /api/portal/v.1.3/organizations/{id}) failed to do basic checks to prevent corrupt data, allowing broken links between KPS tables, invalid email addresses, and setting flags that were usually unavailable in the UI.
Resolution: The update organization API method now enforces stronger validation, similar to the create organization API method.
RDAPI-14380 01007579 Issue: kpsadmin commands could sometimes reach the standard transaction timeout before completion.
Resolution: kpsadmin commands now run until completion. The kpsadmin command result report now also shows the duration length (in seconds) and the final HTTP response status.
RDAPI-14417 01008596 Issue: Error raised when decrypting JWT tokens that were encrypted by another security provider with RSA OAEP algorithm.
Resolution: The security provider has been improved to support RSA OAEP for both encryption and decryption.
RDAPI-14421Issue: DataStax Java client driver used by API Gateway was not optimized for Apache Cassandra v2.2.12.
Resolution: API Gateway now uses DataStax Java client driver v3.5.0, which supports Cassandra v2.2.12.
RDAPI-14459 01000557 Issue: API Gateway GET requests had different error messages from PUT, POST, and DELETE.
Resolution: API Gateway error handling now provides the same HTTP status codes for all REST API requests.
RDAPI-14461 01010010 Issue: Adding a value to an API Gateway cache configured with a First-In-First-Out eviction policy incorrectly removes the value if it already exists in the cache. And if the Persist to Disk setting is selected when the cache is full, no eviction policy is executed when adding data.
Resolution: The existing value is no longer removed from the cache, and is updated when required. If Persist to Disk is selected when the cache is full, the eviction policy supported by the cache persistence store is executed when adding data.
RDAPI-14478 01001297 Issue: When using an OCSP Client filter with multiple response validation options selected, the client aborted and would not execute subsequent validation if the first option failed.
Resolution: The client now tries every selected validation option before aborting.
RDAPI-14489 01001883 Issue: Visual Mapper incorrectly created an Any tag when mapping an XSD element without a type defined.
Resolution: Visual Mapper no longer creates an Any tag when mapping an XSD element without a type defined.
RDAPI-14490 00995523 Issue: AWS Signing (Authorization Header) security device in API Manager did not validate the request timestamp, which did not comply with Amazon documentation.
Resolution: The security device now validates the request timestamp and complies with Amazon requirements.
RDAPI-14517 01008734 Issue: API Gateway Create Thumbprint filter sometimes removed leading zeros due to problems with translation of byte array to string.
Resolution: Create Thumbprint filter no longer removes leading zeros.
RDAPI-14551 01003624, 01003697 Issue: In some rare cases, for HTTP requests with a body, the API Gateway Send to ICAP filter duplicated the Content-Type header.
Resolution: The Send to ICAP filter now ensures that content headers are not duplicated.
RDAPI-14571 01010596 Issue: Product Version field in API Gateway Manager was initially set to unknown, and updated when the service call returned. If the call was not fast enough, API Gateway Manager did not update with the correct version.
Resolution: Version is now displayed in API Gateway Manager when the client receives the service call response.
RDAPI-14588 01012632, 01029798 Issue: Performance of API Gateway File Upload filter was up to 20 times faster with File Type of ASCII and Connection Type of FTP or FTPS, when compared to File Type of Binary.
Resolution: File Upload filter now calls a more efficient OutputStream to improve performance when File Type is Binary and Connection Type is FTP or FTPS.
RDAPI-14632 01013406 Issue: API Manager did not respect trailing slash when sending request to back-end with API method exposed on / only and Java system property set to preserve trailing slash.
Resolution: Trailing slash is now preserved when sending request to back-end with the com.vordel.apimanager.uri.path.trailingSlash.preserve system property set to true.
RDAPI-14674 01014764 Issue: The Access Token using OAuth Client Credentials filter failed on execution if a Token Type other than Bearer was used in requests, even if the Access Token Type field was set correctly in Policy Studio.
Resolution: The Access Token using the Client Credentials filter now accepts and validates a custom Access Token Type.
RDAPI-14684 01012436 Issue: Using OpenSSL configuration engine with API Gateway generated loading error when initializing EngineConfig module.
Resolution: API Gateway has been updated to load the legacy crypto engine configuration successfully.
RDAPI-14706 01013276 Issue: In API Manager, an additional incorrect forward slash (/) was appended when matching API definitions that start with path parameters.
Resolution: The incorrect leading / when matching the URL to the method definition has been removed.
RDAPI-14774 01019448 Issue: When importing or updating OAuth client credentials, API Gateway checked that the redirectUrl value was a URL, and included validation against empty strings.
Resolution: API Gateway now omits empty and whitespace-only values, and only checks that values are URLs and imports them when they have content.
RDAPI-14775 01027997

Issue: MIME Content-Type validation in API Manager incorrectly checked all content types when validating compound body types when only multipart/* was consumed.
Resolution: The validation now only checks compound body types when the API consumes content types other than multipart/*.

RDAPI-14829 01019887 Issue: API Gateway instance could crash when trying to log a trace message during shutdown.
Resolution: API Gateway trace logging has been fixed.
RDAPI-14830 01020923 Issue: API Gateway crashed on reaching maximum connections when sending HTTPS requests through an HTTP proxy.
Resolution: The connections counter has been fixed and connection attempts that exceed the maximum now fail with an error message.
RDAPI-14854 01018773, 01016524 Issue: API method parameters without Data Type value in API Manager caused issues when attempting to view API definition in API Catalog.
Resolution: Added validation on method import and in API Manager UI, and a default value for missing Data Type.
Note: You must reimport existing APIs with this behavior to resolve missing data types with a default of string.
RDAPI-14903 01022533 Issue: HTTP redaction could generate invalid documents when parsing chunked bodies, and crash could occur when redacting unbalanced XML documents.
Resolution: HTTP redaction has been fixed, and unbalanced XML documents are now handled correctly.
RDAPI-14919 01023427, 01024783, 01030405 Issue: Additional validation added in RDAPI-13510 made it impossible to upload an outbound SSL certificate for a virtualized API.
Resolution: This validation has been updated to allow the upload of .p12 certificate files.
RDAPI-14920 01022178 Issue: When updating an image for any user, the API Manager user panel at the top right was updated to show you connected as that user, regardless of who was logged in.
Resolution: The API Manager user panel is only updated when the image for the logged-in user is updated.
RDAPI-14921 01009556 Issue: External Credentials were displayed in API Manager in a grid structure with no maximum rows or paging, which caused excessive memory use with large data sets.
Resolution: The display format has been changed from a grid structure to a list with paging and filtering functionality.
RDAPI-14941 01023087 Issue: Using the apimanager-promote script, if the folder containing data (api-export.dat and promotion.properties) also contained subfolders or empty files, an exception was thrown.
Resolution: Subfolders and empty files are now ignored.
RDAPI-14991 01021772 Issue: The Conversation field for a Hardware Security Module (HSM) was removed from the Private Key dialog in Policy Studio v7.5.3.
Resolution: The content of the Conversation field can now be added to the Key Id field and separated by ; in the HSM configuration in Policy Studio.
RDAPI-15051 01023734

Issue: API Gateway XSLT Transformation filter incorrectly alters some UTF-8 characters.
Resolution: API Gateway XML parser has been fixed. However, the Apache Xalan transformer may still cause invalid output. You can solve this issue by configuring XML output or changing the provider (for example, to net.sf.saxon.TransformerFactoryImpl) in the filter's Advanced settings.

Note: Your system must now also be configured for UTF-8. You can do this by defining a system locale supporting UTF-8 (for example, en_US.UTF-8), or adding the -Dfile.encoding=UTF-8 JVM startup parameter.

RDAPI-15096 01026334 Issue: No Match For Request error when Content-Type was not equal to the API method MIME type.
Resolution: Use the com.coreapireg.apimethod.contenttype.legacy=true system property to disable this Content-Type check for single API method exact matching and to allow legacy API method matching. For example:
<ConfigurationFragment>
    <VMArg name="-Dcom.coreapireg.apimethod.contenttype.legacy=true" />
</ConfigurationFragment>

The default is false.
RDAPI-15187 01029757 Issue: API Gateway crashed when writing data to a corrupt traffic monitor file.
Resolution: File corruption is now detected before trying to add data to it.
RDAPI-15219 01023041 Issue: During update and refresh operations, API Manager deactivated listeners on all of its APIs. If the list was long enough, API Manager could begin listening for changes before the refresh operation was complete, resulting in perceived updates to APIs and many PUT requests being sent to the back-end.
Resolution: API Manager listener handling is now fully verbose, and this race condition cannot be encountered.
RDAPI-15401 01015430, 01031170, 00998764 Issue: Calls to API Manager User and Application APIs were very slow when large numbers of users and/or applications were created.
Resolution: Set the com.axway.apimanager.api.data.cache system property to true to cache users and applications in memory at startup. In-memory cache is kept up-to-date using the API Manager events mechanism.
RDAPI-15410 01035768, 01035475 Issue: An API Gateway Global Fault Handler Policy could not be used for all API Manager fault processing.
Resolution: An API Gateway Global Fault Handler Policy can now be used for all API Manager fault processing. To enable this, set the com.axway.apimanager.fault.global Java system property to true.

Known issues

Disable CSRF check if using API Manager Management APIs

If you are using the API Manager Management APIs, you must disable the CSRF token check implemented in v7.5.3 SP9. To disable this check, set the com.axway.apimanager.csrf Java system property to false. The default is true.

Related issues: RDAPI-14363, IAP-1592

Apache Cassandra v2.2.12 support not documented in user guides

v7.5.3 SP10 adds improved support for Apache Cassandra 2.2.12 (see RDAPI-14421). However, the API Gateway Installation Guide and API Gateway Upgrade Guide incorrectly state that API Gateway supports Apache Cassandra versions 2.2.5 and 2.2.8 only. This user documentation will be updated to reflect support for Cassandra version 2.2.12 at a later date.

Related issues: RDAPI-14421

Other known issues

The following known issues are currently scheduled for the next service pack.

Internal IDDescription
RDAPI-12338 API Manager generates wrong top-level OAuth security requirements in Swagger
RDAPI-12891 API Gateway not compliant when HEAD request with Connect to URL filter, and Content-Range header in response
RDAPI-12966 Incorrect Resource URI forwarded to API Manager Backend API when OPTIONS verb is used
RDAPI-13393 Inadequate use of cache-related headers [CWE-525] on API Manager /api/portal/v1.3/users
RDAPI-13416 Zip Slip vulnerability—codehaus/plexus-archiver 2.7.1 [CVE-2018-1002200]
RDAPI-13723 Policy called as REST API in Policy Studio, and local fault handler not catching unhandled false return from policy called by policy shortcut
RDAPI-13839 Subject in Event Log not in sync with Traffic Log when Pass Through configured in API Manager
RDAPI-14487 API Manager quota read consistency in multi-datacenter configuration
RDAPI-14506 managedomain regen_certs in unattended mode always generates new domain certificate
RDAPI-14552 API Gateway libxml2 outdated and unsecured
RDAPI-14613 In Policy Studio, when importing a policy fragment, deselected items are imported anyway
RDAPI-14638 Error creating account for external identity provider with name containing special characters
RDAPI-14707 PGP verify fails if the message is signed with private key with passphrase
RDAPI-15048 API Gateway Analytics—CSV does not match PDF report for same time range
RDAPI-15163 Issue when configuring passphrase on API Gateway with $ character in the password
RDAPI-15209 API Manager custom attributes have serious UI deficiencies
RDAPI-15217 API Manager does not properly handle application exceptions and can allow information leakage
RDAPI-15218 API Manager reveals existence of user's email through application redirection in response
RDAPI-15253 JSON body formatted by API Manager when passing through to API Gateway
RDAPI-15301 Missing buffer overflow protection in API Gateway native code—stack canaries not enabled
RDAPI-15322 API Manager query string not accepting "."
RDAPI-15462 After Data Map is executed with bad input, even good input causes a blank response until API Gateway instance restarts


Install the service pack

Prerequisites

This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.
  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
Note  Ensure to back up any customized files in your INSTALL_DIR. You should merge updated files instead of copying them back directly to avoid any regex matching issues. For example, the following directories might contain customized files:
  1. webapps/apiportal/vordel/apiportal
  2. webapps/emc/vordel/manager/app
  3. webapps/emc
  4. system/conf/apiportal/email
  5. system/conf
  6. samples/scripts
  7. For details on API Manager customization, see the API Manager User Guide.
  1. Remove any old third-party libraries by deleting the following directories:
    INSTALL_DIR/apigateway/system/lib/modules
    INSTALL_DIR/analytics/system/lib/modules
  2. Remove the old Jython version by deleting the following directories:
    INSTALL_DIR/apigateway/system/lib/jython
    INSTALL_DIR/analytics/system/lib/jython
  3. If you have an existing Apache Cassandra installation, ensure that you back up your data (Cassandra and kpsadmin), and that the JAVA_HOME variable is set correctly in cassandra.in.sh and cassandra.in.bat.

FIPS mode only

If FIPS mode is enabled, you must perform the following steps to install the service pack:

  1. Run togglefips --disable to turn FIPS mode off.
  2. Start the Node Manager to move the JARs.
  3. Stop the Node Manager.
  4. Install the API Gateway service pack.
  5. Start the Node Manager.
  6. Stop the Node Manager.
  7. Run togglefips --enable to turn FIPS on again.
  8. Start the Node Manager.

Installation

This section describes how to install the service pack on existing installations of API Gateway or API Manager.

Note   

Install the API Gateway server service pack

Note  If you have API Manager installed, installing the API Gateway server service pack automatically installs the updates for API Manager.

To install the service pack on your existing API Gateway 7.5.3 server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Note  On Windows, if you are running in a console in the foreground, you should also close the console. If Cassandra is co-located with API Gateway, you must also stop Cassandra and close the Cassandra console. If there are any open file locks, this may prevent apigw_sp_post_install.bat from completing successfully.
  3. Remove any previous patches from your INSTALL_DIR/ext/lib and INSTALL_DIR/META-INF directories (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  4. Unzip and extract API Gateway 7.5.3 SP10 server over the apigateway directory in your existing installation directory. For example:
    tar -xzvf APIGateway_7.5.3_SP10_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/apigateway/
  5. Change to the apigateway directory in your installation: 
  6. WindowsINSTALL_DIR\apigateway
  7. LinuxINSTALL_DIR/apigateway
  8. Run the following script:
  9. Windowsapigw_sp_post_install.bat
  10. Linuxapigw_sp_post_install.sh
  11. Note  On Linux, run the script using the bash command, and ensure that the correct permissions are set.
  12. API Gateway Appliance only:
  13. Perform the following additional steps as the root user on the appliance before starting the Node Manager or API Gateway:
  14. Run the following command:
    [ -f /etc/apigateway/ssl-engines.xml ] && mv /etc/apigateway/ssl-engines.xml /etc/apigateway/ssl-engines.xml.1
  15. Run the following:
    chown -R admin:admin /opt/gateway/
    grep "java.library.path" /opt/gateway/system/conf/jvm.xml || sed -i.bak -e '/<JVMSettings/a\\n <!-- Set to allow correct library load after setting CAP_NET_BIND_SERVICE on vshell -->\n <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>' /opt/gateway/system/conf/jvm.xml
    setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' /opt/gateway/platform/bin/vshell
    ldconfig
Note   

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.5.3 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Unzip and extract API Gateway Analytics 7.5.3 SP10 over the analytics directory in your existing API Gateway 7.5.3 installation directory. For example:
    tar -xzvf APIGateway_7.5.3_SP10_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/analytics/
  3. Change to the analytics directory in your installation: 
  4. WindowsINSTALL_DIR\analytics
  5. LinuxINSTALL_DIR/analytics
  6. Run the post-install script for API Gateway Analytics:
  7. Windowsapigw_analytics_sp_post_install.bat
  8. Linuxapigw_analytics_sp_post_install.sh
Note   

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Unzip and extract Policy Studio 7.5.3 SP10 over the policystudio directory in your existing API Gateway 7.5.3 installation directory. For example: 
    tar -xzvf APIGateway_7.5.3_SP10_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/policystudio/
Note  The first time you start Policy Studio, you must use policystudio -clean.

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Unzip and extract Configuration Studio 7.5.3 SP10 over the configurationstudio directory in your existing API Gateway 7.5.3 installation directory. For example: 
    tar -xzvf APIGateway_7.5.3_SP10_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.5.3/configurationstudio/
Note  The first time you start Configuration Studio, you must use configurationstudio -clean.

After installation

The following steps apply after installing the service pack.

API Gateway

Note  On the API Gateway Appliance, you can skip the following steps if you already ran the code in steps 6 and 7 in Install the service pack.

To allow an unprivileged user to run API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file: 
  2. <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
  3. Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.
  4. Create a file /etc/ld.so.conf.d/gateway-libs.conf that contains the following lines:
  5. INSTALL_DIR/platform/jre/lib/amd64/server
    INSTALL_DIR/platform/jre/lib/amd64
    INSTALL_DIR/platform/lib/engines
    INSTALL_DIR/platform/lib
    INSTALL_DIR/ext/lib
  6. Run the following command to reload the library cache file:
  7. ldconfig

API Manager

When API Manager is installed, you must run the update-apimanager script after the API Gateway post-install script to ensure that all paths are up-to-date.

Tip  You can run this command once at the API Gateway group level, instead of on every API Gateway instance, for example:

/opt/Axway-7.5.3/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP

Client Application Registry

The following command shows an example of running the update-apimanager script when the Client Application Registry is installed:

/opt/Axway-7.5.3/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP --productname=clientappreg

Documentation

Go to the Axway Documentation portal at https://docs.axway.com to find all documentation for this product version.

The following reference documents are available on the Axway Documentation portal at https://docs.axway.com:

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.

Copyright © 2019 Axway. All rights reserved.