Document version: 29 August 2019
This Readme applies to Axway API Gateway and API Manager 7.7 SP 1, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for these products.
This service pack provides fixes for a number of reported defects. It includes updates for the following:
The service pack contains new API Gateway binaries and does not overwrite the existing API Gateway configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.
File packages: An installation archive is provided for supported platforms (for example, APIGateway_7.7_SP1_Core_linux-x86-64_BNYYYYMMDDn.tar.gz
).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
com.vordel.apimanager.uri.path.trailingSlash.preserve
to true
.false
.com.coreapireg.apimethod.contenttype.legacy
to true
.false
.com.axway.apimanager.api.data.cache
Java system property to true
.com.axway.apimanager.use404AuthSuccessNoMatch
to true.
com.axway.apimanager.csrf
to false
. The default is true
. Related issues: RDAPI-14363, RDAPI-16582, IAP-1592
Internal ID | Case ID | CVE Identifier | Description |
---|---|---|---|
RDAPI-15686 | 01039208 |
Issue: Security vulnerability present by not checking the filename parameter for downloading original API file.
Resolution: Filename parameter is checked and vulnerability is not present anymore. |
|
RDAPI-15753 | 01025418, 00989754, 00989774 |
Issue: There is no CSRF token protection for API Gateway Manager calls.
Resolution: Add CSRF token protection for API Gateway Management APIs. |
|
RDAPI-15817 | 01038716 |
Issue: Malicious user can overwrite the OAuth scopes passing extra scopes as a form param.
Resolution: If application finds that a scope is present as a form param the request is rejected as invalid. |
|
RDAPI-15901 | 01028530 |
Issue: API Manager reveals the existence of a user's email address through the response of the Users API /forgotpassword method.
Resolution: The API Manager Users API /forgotpassword method response no longer shows the distinction between valid and invalid emails. |
|
RDAPI-16090 | 01053630 |
Issue: Missing user name validations when changing current user name
Resolution: Validations for user name added. |
|
RDAPI-16111 | 01054493 |
Issue: JQuery version 3.3.1 has introduced a security vulnerability, we need to upgrade to 3.4.0
Resolution: JQuery version is now 3.4.0 |
|
RDAPI-16132 | 01054123 |
Issue: The Java version shipped with API Gateway contained security vulnerabilities.
Resolution: The API Gateway Java version has been upgraded to Open JDK 1.8.0_212. |
|
RDAPI-16439 | 01056395 |
Issue: In API Gateway, when requesting an Access Token using the OAuth 2.0 JWT flow, an OAuth client_id different than the one represented by the JWT token can be passed as a body parameter and injected in the Access Token.
Resolution: In API Gateway, when requesting an Access Token using the OAuth 2.0 JWT flow, the Gateway only use the OAuth client_id from the JWT token and disregard any value passed as a body parameter. |
|
RDAPI-16685 | 01043569, 01043657 |
Issue: API Manager OAuth implementation allows different client ids in header and body with the possibility of the wrong one being used.
Resolution: Client id is taken from body or header depending on policy configuration. Additional client ids are ignored. |
|
RDAPI-16764 | 01047281, 01048422 |
Issue: Security headers are missing from responses.
Resolution: Missing security headers have been added. Note: The existing configurations of API Manager should be updated with update-apimanager script in order to avail of the feature. New setup of API Manager should have feature by default. |
Internal ID | Case ID | Description |
---|---|---|
RDAPI-14654 | 01012757 |
Issue: User name checks are too strict for some customers.
Resolution: User name regular expression is configurable in Settings of API Manager UI. |
RDAPI-15063 | 01023688 |
Issue: When a global fault handler is defined in API Manager, if a request come on an existing path/method but with a verb that is not handled, the Global Fault Handler doesn't receive the http.response.info nor http.response.status attribute
Resolution: When a global fault handler is defined in API Manager, the response status is always accessible from the fault handler. |
RDAPI-15147 | 00977858 |
Issue: Unable to set API Manager user name from identity provider attribute.
Resolution: A new mapping option was added to the API Manager SSO <RenameMapping source="idpNameValue" target="userfullname"/> where "idpNameValue" is the Identity provider attribute mapping. |
RDAPI-15186 | 01020707 |
Issue: When a Multipart Content Type is used in the Email Alert filter, the policy completes but the email is not sent and an exception is written in the Trace logs.
Resolution: Selecting any Multipart Content Type in the Email Alert filter now sends the email successfully and no exception is written to the Trace logs. |
RDAPI-15306 | 01064166, 01064439 |
Issue: Content-Type validation does not permit WSDL requests with attachments of Content-Types other than the standard SOAP message request body.
Resolution: Content-Type validation now permits WSDL requests with attachments of varying Content-Types. |
RDAPI-15548 | 01033180 |
Issue: UTF-8 characters printed in product trace log are not displayed correctly in API Gateway Manager UI.
Resolution: Characters are now correctly encoded by Traffic Monitor REST API. |
RDAPI-15553 | 00975056 |
Issue: Metrics monitoring can show negative values for response time
Resolution: Invalid calculation for some HTTP requests has been corrected. |
RDAPI-15561 | 00973391, 00987292, 00992534, 01032122 |
Issue: When enabling CORS handling on a REST API configured in Policy Studio, OPTIONS requests were always returning every methods. In addition OPTIONS requests were invoking policy and returning a body when CORS profile was configured on Service.
Resolution: CORS handling is now performed on the REST API method level so only allowed methods are returned in the header. And it now makes sure that correct profile is accessed when performing preflight requests to prevent from calling policy and returning a body. |
RDAPI-15567 | 01028025 |
Issue: In Import Project in Policy Studio, if a project is selected before browsing, the file browser window opens on a list of most recent projects instead of the location of the specified project.
Resolution: When a project is chosen, Browser Window opens on the location of that project, otherwise it will open in root project location i.e. apiprojects. |
RDAPI-15627 | 01024906 |
Issue: API Manager does not allow special characters . and ~ in name of parameter, although these are allowed by swagger definition.
Resolution: API Manager now allows . and ~ as parameter name. |
RDAPI-15630 | 01012722 |
Issue: PGP Decrypt and Verify filter does not verify messages signed using a sign-only key.
Resolution: Added JVM SecurityProperty to configure PGP to allow verification of messages using sign-only keys: <ConfigurationFragment> <SecurityProperty name="com.axway.apigateway.security.pgpsignkeyalgorithmids" value="RSA_GENERAL,RSA_SIGN,DSA,ECDSA,EDDSA" /> </ConfigurationFragment> Default PGP algorithms: RSA_GENERAL,RSA_ENCRYPT,ELGAMAL_ENCRYPT,ELGAMAL_GENERAL,ECDH |
RDAPI-15656 | 00949172, 00951645 |
Issue: In the API Manager exported Swagger 2.0 file the security field scopes were incorrectly formatted for scope must match Any.
Resolution: Now, in the API Manager exported Swagger 2.0 file the security field scopes are correctly formatted for scope must match Any. |
RDAPI-15673 | 01012098 |
Issue: setup-cassandra script changes the default value of start_rpc property in casssandra,yaml file to true. This is no longer needed.
Resolution: setup-cassandra script respects the current value of start_rpc property in cassandra.yaml file. |
RDAPI-15679 | 00970706 |
Issue: Query parameter "from" in Monitoring Metrics Summary REST call does not change result.
Resolution: The query parameter, that did not have any effect on the call has been removed from the API. |
RDAPI-15745 | 01038330 |
Issue: OAuth2 applications could not be configured to use API Gateway selectors to set client credentials.
Resolution: Selectors are now accepted and processed by OAuth2 applications. |
RDAPI-15789 | 01023059 |
Issue: Checks on Application that all the APIs are accessible for assigned Organization are triggered during Organization refresh and causing unexpected dialog "Inconsistent API"
Resolution: UI is fixed to not trigger the checks on Application during Organization refresh and the unwanted "Inconsistent API" dialog is not shown as a result |
RDAPI-15814 | 01021192 |
Issue: Retired api is able to add to organization through organization view. Also "retired" and "deprecated" APIs are shown as "published" in Organization view.
Resolution: Correctly show "retired" and "deprecated" APIs in Organization view and disable adding of "retired" API to Organization. |
RDAPI-15837 | 01031369 |
Issue: When an API Project is upgraded a CassandraSettings entity is created. This entity should not be created for an API Project.
Resolution: Now when an API Project is upgraded, a CassandraSettings entity is not created. |
RDAPI-15849 | 01021932, 01022277 |
Issue: Jersey GlassFish library consumed semicolons as MatrixParam instead of a regular delimiter.
Resolution: Semicolon is no longer treated as the beginning of a matrix parameter, and it is processed as a reserved character. |
RDAPI-15870 | 01032245 |
Issue: Redeployment from Policy Studio causes the SSO login to fail as object maps are not correctly cleared.
Resolution: The SSO-enabled API Gateway with API Manager configured now clears the object maps correctly on redeployment. |
RDAPI-15874 | 01037992 |
Issue: Some columns are hidden in the table on page API Catalog, when values of name and url are too long
Resolution: Columns are always visible now, because there is limit of size for name and url and also scroll bar appears when values of the table are big |
RDAPI-15887 | 01012616 |
Issue: When a reported is generated in API Gateway Analytics the values inside the report differ when the file type changes from PDF to CSV.
Resolution: Generated PDF and CSV reports in API Gateway Analytics now have the same values when reports have the same date range. |
RDAPI-15897 | 01032374 |
Issue: API Methods' monitoring could display an empty timeline (whatever the selected period)
Resolution: The metrics' REST API has been corrected. |
RDAPI-15971 | 01008197 |
Issue: get scope by calling a policy does not trigger assigned policy.
Resolution: Policy is now properly trigger and scope retrieved. |
RDAPI-15988 | 01043924 |
Issue: OAuth Authorization Code Flow Filter throws an exception when an invalid value of the "prompt" parameter is passed resulting in potentially harmful information being written to the logs.
Resolution: OAuth Authorization Code Flow Filter now validates the prompt parameter prior to any authorization logic and gracefully fails without revealing any information about the technology used. |
RDAPI-16042 | 01039041, 00947773, 01043979, 00999332, 01027257 |
Issue: A default switch value was not implemented for custom properties, so if the switch was not interacted with then the field and corresponding value was not sent to the server on save.
Resolution: A default switch value is now set. |
RDAPI-16051 | 00965063 |
Issue: API Gateway does not forward all headers for HTTP HEAD request.
Resolution: HEAD requests are now managed the same way than GET or POST requests. Note: When relaying HEAD response that do not contains content length, product replaces 200 response code by 204. This behavior can be disabled by setting system property "-Dcom.vordel.dwe.auto204response=false" in product configuration. |
RDAPI-16054 | 01051981 |
Issue: API Manager calls appear on monitoring dashboard of API Gateway.
Resolution: API Manager calls are not monitored by API Gateway and do not appear on dashboard. |
RDAPI-16102 | 01043037, 01042746 |
Issue: OAuth Refresh flow only returns JSON output. "format" header is ignored.
Resolution: "format" header is now honoured. Other outputs such as XML are returned. |
RDAPI-16105 | 01036400 |
Issue: API Gateway does not set Cassandra's cluster port property.
Resolution: API Gateway will now set the Cassandra cluster port correctly, rather than always using the default. |
RDAPI-16116 | 01054182 |
Issue: No way to run update-apimanager when a group was protected by a passphrase
Resolution: Updated update-apimanager so that a group passphrase can be passed in using --passphrase. |
RDAPI-16151 | 01053244, 01053278, 01048495 |
Issue: Amendments to trailing slash behaviour for REST APIs in API Manager runtime caused path matching to fail for WSDL APIs due to an additional trailing slash.
Resolution: API Manager WSDL API path processing is corrected for SOAP requests sent to back-end server as defined in the corresponding WSDL binding port. |
RDAPI-16158 | 01038361, 01047751 |
Issue: Remote Host Load Balancer algorithm excludes previously failed address for non-configurable duration of one minute. This may lead to condition when all connection attempts to the listed Load Balancer addresses will fail.
Resolution: The exclusion time period for failed addresses listed in Load Balancer can now be configured to reduce risks of all connections failures. The following system environment variable should set to desirable downtime in milliseconds, AXWAY_LB_ALG_ADDR_DOWNTIME, default is 60000. |
RDAPI-16181 | 01053832 |
Issue: Selector security scanning was running against non selectors for the outbound parameter value field.
Resolution: Non selectors are not scanned now, because they will be encoded on outbound request anyway. And selectors are validated correctly, ensuring that they are valid selectors and will not encounter exceptions during an outbound request |
RDAPI-16208 | 01053421, 01045179, 01047139 |
Issue: API Gateway fails to handle correctly required Form Parameters on a back-end API when sent in a multi part request or if an additional attribute is present in the Content-Type header (for example "application/x-www-form-urlencoded; charset=UTF-8")
Resolution: API Gateway now handles required parameters when sent in a multi part request and accepts additional attributes in Content Types. |
RDAPI-16284 | 01025370, 01007245 |
Issue: In API Manager when configured Traffic Monitor Subject can be set for use in Metrics, a prefix of "Pass Through" is required for this type of client traffic data to be seen in API Manager Monitoring.
Resolution: Now all client traffic data is shown in API Manager Monitoring as relevant to the filter selected and user permissions. |
RDAPI-16319 | 01051869, 01050675 |
Issue: In API Gateway, XML message content redaction causes the instance to crash when the message contains Multi-Byte encoded characters and requires a restart.
Resolution: API Gateway now handles correctly XML message content redaction with Multi-Byte encoded characters. |
RDAPI-16331 | 01056234 |
Issue: HTTP Basic Filter accept only Basic for scheme name
Resolution: HTTP Basic and HTTP Digest filters process the Basic Authentication scheme case-insensitively as per RFC 7617. |
RDAPI-16474 | 01075780, 01078365, 01064036 |
Issue: API Manager is validating the encoding attribute as well as the MIME Type.
Resolution: Swagger import validation in API Manager validates only the base MIME type. |
RDAPI-16478 | 01041751, 01062343, 01062472, 01071286, 01026467 |
Issue: When API Manager has many applications, the deployment and startup are too slow. API management requests can interfere with 8065 traffic.
Resolution: API Manager no longer interferes with the deployment of API Gateway configurations when processing large amounts of application data. The API requests to API Manager traffic port 8065 now respond with the HTTP status '401 Unauthorized' when the API Client Cache is updating, instead of timing out. Caching is also non-blocking and more performant now. |
RDAPI-16491 | 01063687, 01063723 |
Issue: Frontend API creation fails when using https and unavailable host
Resolution: Frontend API creation does not fail when backend host is not available |
RDAPI-16494 | 01063817 |
Issue: In API Manager, sending requests with invalid Content-Type headers to a Virtual API results in an error with HTTP status code 403 which doesn't represent the error correctly.
Resolution: In API Manager, sending requests with invalid Content-Type headers to a Virtual API now results in an error response with the HTTP status code 415 and status message "Unsupported Media Type". |
RDAPI-16516 | 01052320 |
Issue: Some "SSL shutdown" errors can be triggered when reading or writing data to or from network.
Resolution: An SSL error status, that could remain in memory from a previous un-finished SSL handshake, is now cleared. Additional OpenSSL debug traces are now logged when the variable"V_SSL_SESS_DEBUG" is in use. |
RDAPI-16529 | 01064214 |
Issue: Sorting mechanism was not implemented for a number of columns in the API Backend, Frontend and Catalog tables in API Manager UI.
Resolution: Sorting mechanism implemented for all columns in the mentioned tables. |
RDAPI-16586 | 01063577 |
Issue: Exclamation mark (!) is being treated as an invalid character when importing an API from a URL.
Resolution: Validation of the URL now accepts characters specified in RFC3986. |
RDAPI-16637 | 01065847 |
Issue: API Manager import was removing parts of the Method Path which matched the API Resource Path.
Resolution: API Manager no longer removes parts of Method Path incorrectly importing |
RDAPI-16650 | 01051063 |
Issue: In API Gateway 7.5.3 and later, the SMIME Sign filter uses 'sha256' digest algorithm by default, but it incorrectly generates SMIME Content-Type header with micalg="sha1" attribute.
Resolution: You can change the default SMIME digest algorithm with the Java system property 'com.axway.apigw.smime.sign.md' in the jvm.xml file, or via the policy message attribute, for example, 'com.axway.apigw.smime.sign.md=sha1'. The policy message attribute supersedes the Java system property. The following digest algorithms are supported: sha1, sha224, sha256, sha384, and sha512. The corresponding SMIME Content-Type header 'micalg' attribute is set accordingly. |
RDAPI-16655 | 01065718, 01042409 |
Issue: In a API Manager, setting a custom subject inside the E-mail templates has no effect and E-mails are sent with their default subject.
Resolution: In API Manager, E-mails are now sent with custom subject if set in the templates, default subjects are used otherwise. |
RDAPI-16780 | 01052320 |
Issue: OpenSSL 'SSL_shutdown:shutdown while in init' error is reported for reused connection with previously failed handshake.
Resolution: Errors for the previous SSL handshake failure are now cleared. |
RDAPI-16795 | 01078661, 01071817 |
Issue: API Gateway ehcache filters fail to store unserializable class to disk.
Resolution: The com.vordel.circuit.cert.ocsp.CacheObject class is now serializable. |
RDAPI-16901 | 01072496 |
Issue: Trailing slash is incorrectly added to Per-Method Override Back-end Paths for WSDL APIs.
Resolution: Trailing slash is no longer incorrectly added to Per-Method Override Back-end Paths for WSDL APIs. |
RDAPI-17037 | 01075614 |
Issue: Projpack was failing to create a project if the run command contains --passfile and a string containing '-f'
Resolution: The script has been updated to properly handle the occurance of '-f' in a string |
RDAPI-17081 | 01036528 |
Issue: This Metrics tooltip from API Catalog sends a request to the server when created, this takes time so the code to hide the tooltip can complete before the server responds.
Resolution: This tooltip now sends a request to the server once when the page loads, and saves the response, so there is no longer a race condition. |
RDAPI-17245 | 01073729, 01075893 |
Issue: In API Manager, accessing an nonexistent URL on a configured API results in a HTTP status code "403 No match found for the request" which can cause confusion.
Resolution: In API Manager, the behavior of an unsuccessful match of an API can be configured to use 404 by adding the "com.axway.apimanager.use404AuthSuccessNoMatch=true" system property to the file jvm.xml in the directory conf/ of the API Manager instance. |
The following known issues are currently scheduled for the next service pack:
Internal ID | Description |
---|---|
RDAPI-13653 | API Portal incorrect Content-Type for SOAP + empty model schema |
RDAPI-14226 | Stored XSS in the application's Oauth Redirect URL. Encode OAuth Redirect URLs on output |
RDAPI-14901 | Swagger allOf limitation not documented |
RDAPI-15116 | API Manager remote hosts not synchronized between instances |
RDAPI-15298 | Update trailing slash support in Jython scripts samples |
RDAPI-15607 | Cant access NodeManager after submitting external CA signed certs |
RDAPI-15676 | API Manager: load Error "Map XXXX should be YYYY" after importing APIs |
RDAPI-15759 | Request headers reflected as response headers |
RDAPI-15780 | Swagger Generation Tool - Duplicate paths are not reported |
RDAPI-16048 | Error while importing api-gateway-swagger.json into API Manager |
RDAPI-16329 | Maven 'clean' on install/pom.xml does not cleanup install/system/lib |
RDAPI-16528 | Chrome needs double click to collapse filter path in traffic monitor view |
RDAPI-16544 | HTTPRedactor causes significant processing delay when there is a large message payload and the content-type is either application/xml or text/xml |
RDAPI-16575 | Duplicate headers returned when calling API Gateway Rest API |
RDAPI-16790 | KPS Admin Clear should not fail upon throwing a ObjectNotFound exception |
RDAPI-16954 | API Manager event poller unnecessarily locks cache updates from Cassandra |
RDAPI-17010 | API Manager swagger does not show Pass Through security device. |
RDAPI-17023 | Multiple Authorization header forwarded to the backend |
RDAPI-17026 | modsecurity - "403 operation blocked" not possible to change this status in response |
RDAPI-17032 | Core file generated while stress testing websockets #1 "Thread::join()" (core.vshell.23985) |
RDAPI-17034 | API Manager stripping mime sub part headers, incorrect processing of multipart types |
RDAPI-17040 | Policy called as REST API in Policy Studio, and local fault handler not catching unhandled false return from policy called by policy shortcut |
RDAPI-17047 | Core file generated while stress testing websockets #2 "__cxa_call_unexpected" (core.vshell.360) |
RDAPI-17083 | Error message "Cannot modify a published API" at startup after upgrading to 7.7.0 |
RDAPI-17088 | HTTP version in Transaction Audit Payload Logging is always HTTP/1.0 |
RDAPI-17093 | Forward slash ("/") is being appended to the resource path by API Broker policy after upgrade from SP7 |
RDAPI-17128 | User self-registration and Stored Personal Data - GDPR |
RDAPI-17132 | API Manager Traverse Error |
RDAPI-17250 | OAuth server does not return 401 in compliance with the RFC for certain "invalid_client" errors |
RDAPI-17276 | OpenID Connect tokens generated by the hybrid flow are missing c_hash |
RDAPI-17290 | Rest API paths created by policy studio duplicated |
RDAPI-17304 | Malformed JSON content is forwarded to backend, when it should be blocked by APIMgr |
RDAPI-17326 | Access token is wrongly generated when the 'scope' field contains 'openid' along with a scope which is not valid for the client |
RDAPI-17330 | json to xml filter crashes with proper JSON escaped "\" |
These instructions apply to API Gateway and API Manager classic deployments only. For container deployments, follow the instructions for applying a service pack in the API Gateway Container Deployment Guide.
This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:
Shut down any Node Manager or API Gateway instances on your existing installation.
Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
Note: Ensure to back up any customized files in your INSTALL_DIR
. You should merge updated files instead of copying them back directly to avoid any regex matching issues. For example, the following directories might contain customized files:
webapps/apiportal/vordel/apiportal
webapps/emc/vordel/manager/app
webapps/emc
system/conf/apiportal/email
system/conf
samples/scripts/
tools/filebeat-VERSION-PLATFORM
INSTALL_DIR/apigateway/system/lib/modules
INSTALL_DIR/analytics/system/lib/modules
INSTALL_DIR/apigateway/platform/jre
kpsadmin
), and that the JAVA_HOME
variable is set correctly in cassandra.in.sh
and cassandra.in.bat
.setcap -r INSTALL_DIR/apigateway/platform/bin/vshell
If FIPS mode is enabled, you must also perform the following steps to install the service pack:
togglefips --disable
to turn FIPS mode off.togglefips --enable
to turn FIPS on again.This section describes how to install the service pack on existing installations of API Gateway or API Manager.
Note:
Note: If you have API Manager installed, installing the API Gateway server service pack automatically installs the updates for API Manager.
To install the service pack on your existing API Gateway 7.7 server installation, perform the following steps:
Remove any previous patches from your INSTALL_DIR/ext/lib
and INSTALL_DIR/META-INF directories (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
Unzip and extract API Gateway 7.7 SP1 server over the apigateway
directory in your existing installation directory. For example:tar -xzvf APIGateway_7.7_SP1_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/apigateway/
apigateway
directory in your installation: INSTALL_DIR/apigateway
apigw_sp_post_install.sh
Note: On Linux, run the script using the bash
command, and ensure that the correct permissions are set.
Note:
ls -l INSTALL_DIR/apigateway/posix/bin
To install the service pack on your existing API Gateway Analytics 7.7 installation, perform the following steps:
analytics
directory in your existing API Gateway 7.7 installation directory. For example:tar -xzvf APIGateway_7.7_SP1_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/analytics/
analytics
directory in your installation: INSTALL_DIR/analytics
apigw_analytics_sp_post_install.sh
Note: On Linux, run the script using the bash
command, and ensure that the correct permissions are set.
Note:
ls -l INSTALL_DIR/analytics/posix/bin
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.INSTALL_DIR/policystudio/jre
policystudio
directory in your existing API Gateway 7.7 installation directory. For example: tar -xzvf APIGateway_7.7_SP1_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/policystudio/
policystudio -clean
Note: The -clean option is needed the first time you start Policy Studio after installing the service pack.
To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.INSTALL_DIR/configurationstudio/jre
configurationstudio
directory in your existing API Gateway 7.7 installation directory. For example: tar -xzvf APIGateway_7.7_SP1_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/configurationstudio/
configurationstudio
-clean
Note: The -clean option is needed the first time you start Policy Studio after installing the service pack.
The following steps apply after installing the service pack.
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file: <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
For more details on configuring API Gateway to run on privileged ports, see the API Gateway Administrator Guide.
Notes:
anon
from the jdk.tls.disabledAlgorithms
Java security property in the INSTALL_DIR/Linux.x86_64/jre/lib/security/java.security
file<VMArg
name="-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"/>
line to the INSTALL_DIR/system/conf/jvm.xml
fileWhen API Manager is installed, you must run the update-apimanager
script after the API Gateway post-install script to ensure that all paths are up-to-date.
Tip: You can run this command once at the API Gateway group level, instead of on every API Gateway instance, for example:
/opt/Axway-
7.7/apigateway/posix/bin/update-apimanager
--username=admin --password=MY_PASSWORD --group=API_MGR_GROUP
If the API Gateway group is protected by a passphrase, you must append the above command with --passphrase=API_MGR_GROUP_PASSPHRASE
The following command shows an example of running the update-apimanager
script when the Client Application Registry is installed:
/opt/Axway-
7.7/apigateway/posix/bin/update-apimanager
--username=admin --password=MY_PASSWORD --group=API_MGR_GROUP
--productname=clientappreg
If the API Gateway group is protected by a passphrase, you must append the above command with --passphrase=API_MGR_GROUP_PASSPHRASE
Go to the Documentation portal at https://docs.axway.com to find all documentation for this product version.
The following reference documents are available on the Documentation portal at https://docs.axway.com:
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.
Copyright © 2019 Axway. All rights reserved.