Document version: 19 December 2019
This Readme applies to Axway API Gateway and API Manager 7.7 SP 2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for these products.
This service pack provides fixes for a number of reported defects. It includes updates for the following:
The service pack contains new API Gateway binaries and does not overwrite the existing API Gateway configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.
File packages: An installation archive is provided for supported platforms (for example, APIGateway_7.7_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz
).
Size: The file size differs for each platform. The MD5 checksum is provided for each file.
com.vordel.apimanager.uri.path.trailingSlash.preserve
to true
. The default value is false
.com.coreapireg.apimethod.contenttype.legacy
to true
. The default value is false
.com.axway.apimanager.api.data.cache
Java system property to true
. com.axway.apimanager.use404AuthSuccessNoMatch
to true.
The default value is false
.To import API Gateway Management API Swagger into API Manager API Catalog, you must add the application/x-download
MIME type to the default list of the MIME types in API Gateway.
To do that, select Server Settings > General > Mime configuration in the Policy Studio tree and add application/x-download
to the MIME list.
Once the configuration is deployed to API Gateway, the API Gateway Manager API swagger can be imported into API Manager API Catalog.
webapps
directory. No dynamic content is served from the webapps
directory. This means that there is no risk of the browser to make an incorrect assumption of the content type and create a security vulnerability. The X-Content-Type-Options response header with the value nosniff is included with HTTP responses serving dynamic content by default.com.axway.apimanager.csrf
to false
. The default is true
. Related issues : RDAPI-14363, RDAPI-16582, IAP-1592
Internal ID | Case ID | CVE Identifier | Description |
---|---|---|---|
RDAPI-17326 | 01046587, 01052413 |
Issue: openid is always accepted as a valid scope in all OAuth configurations.
Resolution: A system variable com.axway.oauth.scopes.openid.allow can be set to "false" when customers do not want openid to be valid. |
|
RDAPI-17768 | 01083881 |
Issue: The response to a HTTP OPTIONS request contains the HTTP OPTIONS request headers.
Resolution: The response to a HTTP OPTIONS request no longer contains the HTTP OPTIONS request headers. |
|
RDAPI-18101 | 00963339 | CVE-2019-14379 |
Issue: Jackson-databind version 2.9.5 has security vulnerabilities.
Resolution: This component has been updated to 2.9.10 which does not have these security vulnerabilities. |
RDAPI-18239 | 01096489 |
Issue: A malicious user can use a bad scope to force the authentication request to redirect an error message to a non validated URI.
Resolution: Redirected URIs are validated before the scopes, and an invalid request response is sent if the URI is invalid. That will assure that in the event of a bad scope, the error information will be redirected to a legal URI. |
|
RDAPI-18262 | 01095306 |
Issue: Dojo 1.10.4 has a security vulnerability
Resolution: Upgraded to Dojo 1.10.10 where the vulnerability is fixed |
|
RDAPI-18558 | 01112196 | CVE-2019-1547 |
Issue: API Gateway shipped with OpenSSL 1.0.2s-fips.
Resolution: API Gateway ships with OpenSSL 1.0.2t-fips, addressing the following security vulnerabilities: CVE-2019-1547 |
Internal ID | Case ID | Description |
---|---|---|
RDAPI-14901 | 01006999 |
Issue: allOf was not supported, and it was not documented as a limitation
Resolution: allOf is now supported in models and as a response schema |
RDAPI-16296 | 01103876, 01058292 |
Issue: When redaction is enabled, floating-point numbers in JSON body display in exponential format.
Resolution: The format of the floating-point numbers in JSON body is preserved. |
RDAPI-16528 | 01064213 |
Issue: UI issues when expanding or collapsing nodes of Filter Execution Path in Traffic view of API Gateway Manager.
Resolution: UI issues of Filter Execution Path in Traffic view of API Gateway Manager were fixed. |
RDAPI-16544 | 01062392 |
Issue: When HTTP redaction is enabled, API Gateway automatically turns on XML redaction for XML messages, which can cause performance issues.
Resolution: Enabling HTTP redaction will not automatically perform XML redaction on XML messages unless it is specifically configured. |
RDAPI-17010 | 01079458 |
Issue: The Pass Through security device is missing from the API Manager front-end API Swagger export when the API is protected with a Security Profile containing multiple security devices that includes a Pass Through security device.
Resolution: The Swagger export now contains the Pass Through security device, which is exported as as empty JSON object in the Security Profile. |
RDAPI-17026 | 00999364 |
Issue: ModSecurity status code was harcoded to 403
Resolution: ModSecurity status code can now be configured in ModSecurity configuration. |
RDAPI-17032 | 01059408 |
Issue: An assertion is triggered when thread cannot be started.
Resolution: Threads will no longer terminate process when they could not be started. |
RDAPI-17047 | 01059408 |
Issue: Process termination is triggered when network connection cannot be instantiated.
Resolution: Connection instantiation errors are no longer triggering process termination. |
RDAPI-17083 | 01115117, 01085364, 01067392, 01066405 |
Issue: After upgrading API Gateway to version 7.7, the message 'Cannot modify a published API' is displayed during startup or at a deployment of APIs that were published on the previous version.
Resolution: The error message is no longer displayed for these published APIs. |
RDAPI-17093 | 01064543, 01085364, 01078637 |
Issue: No option to prevent API Manager adding a forward slash "/" to back-end API calls.
Resolution: Add the "com.vordel.apimanager.swagger.method.singleslash.ignore=true" Java system property to the file jvm.xml in the directory conf/ of the instance to disable passing a single slash method path to the back-end. For example: <ConfigurationFragment> <VMArg name="-Dcom.vordel.apimanager.swagger.method.singleslash.ignore=true" /> </ConfigurationFragment> |
RDAPI-17128 | 01064774 |
Issue: User data entered during registration was expired but kept in the database when the user was not validated.
Resolution: User data entered during registration is now entered with a "time to live" parameter which will cause the data to be deleted from the database when registration is expired. |
RDAPI-17132 | 01040133 |
Issue: Deleting APIs when there are multiple Node Managers causes corruption of quota relations in database tables leading to a failed to traverse error.
Resolution: The is fixed by not caching the quota relations which avoids corrupting the quota relations when deleting APIs. |
RDAPI-17152 | 01066497 |
Issue: Conflicts can occur during merging of API projects due to incorrect comparison of entity fields of type Boolean.
Resolution: Entity fields of type Boolean are now correctly compared. |
RDAPI-17250 | 01084300, 01056692 |
Issue: OAuth server does not return 401 in compliance with the RFC for certain invalid_client errors.
Resolution: OAuth server returns 401 as per RFC. |
RDAPI-17276 | 01105019, 01074983 |
Issue: In API Gateway, when using OpenID Connect 1.0 on top of the OAuth 2.0 protocol, OpenId tokens generated by the hybrid flow do not contain the c_hash (code hash) value.
Resolution: OpenID tokens generated by the hybrid flow now include c_hash. |
RDAPI-17290 | 01075542 |
Issue: When a REST API is created in Policy Studio and then deployed to a API Gateway, the base path appears duplicated in Dynamic Settings of API Gateway Manager.
Resolution: In API Gateway Manager, Dynamic Settings now lists REST APIs created in Policy Studio only once. |
RDAPI-17304 | 01076160 |
Issue: Malformed JSON content may bypass API request payload validation in some cases.
Resolution: API request payload validation strictly verifies all tokens in JSON payload for Objects and Arrays. To enable relaxed JSON parsing, set the Java system property com.axway.json.parser.legacy to true. The default is false. |
RDAPI-17330 | 01080317 |
Issue: JSON to XML filter was crashing in some specific cases for valid input
Resolution: JSON to XML filter is fixed now and should work properly for valid inputs |
RDAPI-17374 | 01054344, 01070938 |
Issue: Custom attributes added during invocation of a policy during the OAuth External inbound security authentication were discarded upon failed authentication, and thus were not available to the Fault Handler.
Resolution: Upon failed OAuth External authentication all custom attributes created during policy invocation are retained, and are available to be used in the Fault Handler. |
RDAPI-17385 | 01059408 |
Issue: In API Gateway, in some specific cases, the caching of SSL connections was producing memory leaks that could cause the gateway to crash.
Resolution: In API Gateway, memory handling has been reviewed and is now fixed for SSL connections caching. |
RDAPI-17405 | 01087893, 01088304 |
Issue: After deploying to a gateway, a new API Client Cache is created but all references to the old cache are not removed so the memory it consumes is not made available again.
Resolution: All references to the discarded API Client Cache are removed, so the memory it was consuming is made available again right after deployment completes. |
RDAPI-17477 | 01091120, 01087893 |
Issue: Requests return status code 401 while the API Client Cache is still updating.
Resolution: Requests will now return status code 503 unless system variable com.axway.apimanager.apiclient.cache.response.legacy is set to True. |
RDAPI-17482 | 01083828 |
Issue: Transaction access logger is doing a reverse DNS lookup with the source IP address even when "%h" is not used.
Resolution: A DNS lookup has been removed from policy pre-execution phase. |
RDAPI-17539 | 01075694 |
Issue: The IP address authentication filter updates are very slow.
Resolution: The performance of IP address authentication filter is improved as the amount of disk I/O performed is significantly reduced. |
RDAPI-17568 | 01085199 |
Issue: Resource Repository entry for previously imported API could not be found causing API import from URL to fail for a repeated URL and API combination.
Resolution: Once the entry's existence is confirmed in memory a reference to it is used to import the API definition. |
RDAPI-17590 | 01090971, 01082542, 01100983, 01109883, 01095837 |
Issue: Swagger was not properly serialized in some cases after switch to new swagger library.
Resolution: Swagger serialization was fixed by using associated serialization functionality. |
RDAPI-17671 | 01094845 |
Issue: Some trace messages were not being formatted correctly in the Node Manager trace viewer
Resolution: The trace messages are now formatted correctly |
RDAPI-17704 | 01069445 |
Issue: Deployment REST API envsettings/service/{serviceId} returns 500 Internal server error when instance is remote.
Resolution: It now returns the environment settings of the remote instance as requested. |
RDAPI-17706 | 01096639, 01096739 |
Issue: XML Signature Verify filter causes orphaned, leaked files in temporary directory.
Resolution: The XML Signature Generate and XML Signature Verify filters are updated for thread-safety, and they correctly cleanup resources allocated for attachments of the processed message payload. |
RDAPI-17748 | 01099089 |
Issue: API Gateway was sending redundant data during cache synchronization process.
Resolution: Data sent during cache synchronization is reduced. |
RDAPI-17781 | 01068308, 01100492 |
Issue: Back-end invocation failing with 500 when outbound OAuth is used and Trace level is set to DATA.
Resolution: Back-end invocation works with outbound OAuth and all trace levels. |
RDAPI-17783 | 01097471 |
Issue: Trace: Error traces not provided when an error is triggered when an OAuth scope is added as form paramter.
Resolution: Error traces are now shown in logs. |
RDAPI-17790 | 01077309 |
Issue: Attempting to generate a Swagger 2.0 file from API Manager's API Catalog for a virtualized Swagger 2.0 API was dropping the following fields:
- Response header description removed - License name was removed - Schema $ref lost for 'array' responses Resolution: Issues regarding Swagger generation were fixed. |
RDAPI-17903 | 01090822 |
Issue: API Gateway does not check OAuth Authz codes' expiry times when stored in an SQL DB. Purge thread is responsible to delete expired codes. This caused a potential delay, as API Gateway treated all available codes as valid.
Resolution: API Gateway now checks OAuth Authz codes expiry time when uses it. Purge thread behaves as before. |
RDAPI-17986 | 01091984 |
Issue: In Policy Studio REST API Repository, editing a method does not work if an error response is configured for the method.
Resolution: An API REST method with an error response configured can now be edited. |
RDAPI-18032 | 01095443 |
Issue: Error found whilst attempting to perform a sysupgrade export.
Resolution: The LDAP query to retrieve users was incorrect and has been updated to retrieve users successfully. |
RDAPI-18034 | 01111550, 01080681, 01071286, 01084375 |
Issue: The deployment time for API Manager is too slow when there are many APIs and methods defined in KPS.
Resolution: Improved caching in API Manager while loading API method data stored in KPS. Reuse compiler when loading the Script filters. |
RDAPI-18037 | 01094555, 01094399 |
Issue: API Manager startup time slows down considerably in HA environments when the number of organizations increase.
Resolution: Organizations are cached in memory so the calls to DB are reduced. This makes the startup process faster. |
RDAPI-18045 | 01019805 |
Issue: API Gateway cannot configure group passphrase with $ character in the password.
Resolution: API Gateway allows to configure group passphrase containing $ character. |
RDAPI-18103 | 01074742 |
Issue: A missed impact in the advanced editing implementation leads to a blank entity reference overwriting the first in the list of node locations for the XML Signature Generation & Verification filters
Resolution: Valid node location references are not overwritten during save in advanced editing mode |
RDAPI-18106 | 01087893, 01088304 |
Issue: The browser is unable to process the number of External Clients, OAuth Clients, and API Keys that API Gateway is returning - upwards of a 100 MB payload in the response payload.
Resolution: Server side pagination is implemented for GET requests for API Keys, OAuth Clients, and External Clients resulting in much smaller payloads being returned to the client. |
RDAPI-18109 | 01048992, 01049266 |
Issue: As an User a getApplications call results in an individual call to KPS for every application to look up permissions
Resolution: The permissions are already cached, we are now using the cached permissions rather than reading from KPS for each application |
RDAPI-18113 | 01073806, 01074080 |
Issue: Event logging for API Manager was incorrectly overwriting the Application Id in the Service Context "client" field.
Resolution: API Manager no longer overwrites the Service Context "client" field from its initial value. |
RDAPI-18117 | 01079030 |
Issue: The apimanager-promote script only had capabilities to add API access to an organisation. There was no functionality to revoke access.
Resolution: You can use the new organization.apis.remove property, which was added to the script, to allow to revoke API access from organisations. |
RDAPI-18119 | 01094845, 01065335, 01066017, 01087748, 01100629 |
Issue: Error on formatting in Traffic Monitor GUI and Trace Files
Resolution: The alignment of trace output has been corrected. The trace indentation error is now reported per processing thread, and if reported, the trace indentation stays intact in unaffected threads. |
RDAPI-18152 | 01085199, 01082725 |
Issue: API Manager blocks its own traffic when processing virtualized API updates.
Resolution: API Manager no longer blocks its own traffic. |
RDAPI-18201 | 01110388 |
Issue: KPS Admin tool was unable to delete rows.
Resolution: KPS Admin tool is now able to deleted rows. |
RDAPI-18230 | 01108718 |
Issue: The Analytics post install script was failing whilst attemtping to run the 'updateNodeConfig' script.
Resolution: The Analytics post install has been updated to run the correct script 'updateAnalyticsConfig'. |
RDAPI-18237 | 01098414, 01108764 |
Issue: KPS Cache caches empty search results.
Resolution: You can use the new Java system property com.axway.kps.cache.ignorenull, which defaults to False, to not cache empty results. |
RDAPI-18245 | 01104282 |
Issue: There is an error when a JSON message containing an empty message goes through redaction, which results in API Gateway failing to log the correct data in the Traffic Monitor.
Resolution: In API Gateway, JSON Redaction accepts empty objects in messages and logs the result to the Traffic Monitor. |
RDAPI-18260 | 01026796, 01046656 |
Issue: SFTP client filter shows intermittent handshake failure when uploading files to an API Gateway SFTP Server.
Resolution: Intermittent handshake failures are fixed after SFTP implementation is upgraded from using mina-sshd v0.6.0 to v2.2.0. Warning: The log4j.properties file was changed in order to add logging for the SFTP Server. Therefore, when applying a patch or upgrade, you must merge your changes back to the updated log4j.properties file. |
RDAPI-18298 | 01078644, 01078776, 01109328, 01110676 |
Issue: Nested relative path behavior changed, causing customer policies to fail
Resolution: The invocation of policies for nested relative paths in API Gateway has been corrected according to Axway API Gateway documentation. |
RDAPI-18310 | 01093544 |
Issue: RegEx pattern for email validation was incorrect.
Resolution: RegEx pattern for email validation changed to comply with rfc5322. |
RDAPI-18320 | 01101884, 01100259 |
Issue: The SMTP connection security setting (SSL or TLS) that API Manager uses for sending emails is not applied to the API Manager SMTP SSL port.
Resolution: The SMTP connection security setting is now applied to the API Manager SSL SMTP port. |
RDAPI-18409 | 01106697 |
Issue: Validation failing for imported SSL certs in API Manager due to missing passphrase.
Resolution: SSL certs are validated correctly using the passphrase. |
RDAPI-18426 | 01085118 |
Issue: An organization's read-only createdOn field can be reset using a PUT request.
Resolution: An organization's createdOn field can no longer be changed using a PUT request. |
RDAPI-18481 | 01118106 |
Issue: RegEx validation for back-end API Method Parameter Name incorrectly disallows hyphen '-' in the name
Resolution: RegEx validation now allows the use of a hyphen in an API parameter name |
RDAPI-18564 | 01107890 |
Issue: One disabled OAuth credential makes the rest of OAuth credentials not usable.
Resolution: Disabling/Enabling one OAuth credential will not affect the rest of OAuth credentials. |
The following known issues are currently scheduled for the next service pack:
Internal ID | Description |
---|---|
RDAPI-13653 | API Portal incorrect Content-Type for SOAP + empty model schema |
RDAPI-15607 | Cant access NodeManager after submitting external CA signed certs |
RDAPI-15676 | API Manager load error "Map XXXX should be YYYY" after importing APIs |
RDAPI-15759 | Request headers reflected as response headers |
RDAPI-16575 | Duplicate headers returned when calling API Gateway Rest API |
RDAPI-16954 | API Manager event poller unnecessarily locks cache updates from Cassandra |
RDAPI-17040 | Policy called as REST API in Policy Studio, and local fault handler not catching unhandled false return from policy called by policy shortcut |
RDAPI-17208 | Test and document upgrading Gateway and Cassandra (7.5.3->7.7.x / 2.2.8->2.2.12) to new hosts |
RDAPI-17924 | Error while upgrading JSON schema from 7.5.3 to 7.7 - Cannot set ESPK for non-reference type field |
RDAPI-18082 | Regression: Policy Shortcut filters no longer automatically renamed in 7.7 |
RDAPI-18198 | CORS preflight fails for WSDL based API Manager APIs, thus Try-It fails |
RDAPI-18294 | KPS REST API documentation missing info |
RDAPI-18375 | Message "You do not have permission to access this resource" when a user creates an application |
RDAPI-18378 | Spurious "forbidden" error in Manager UI |
RDAPI-18484 | "Get OAuth Access Token" expired token then refresh flow, not reseting message |
RDAPI-18532 | 'Retrieve OAuth Client Access Token From Token Storage' filter (wrongly?) requires hard-coded client-credentials |
These instructions apply to API Gateway and API Manager classic deployments only. For container deployments, follow the instructions for applying a service pack in the API Gateway Container Deployment Guide .
This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:
Shut down any Node Manager or API Gateway instances on your existing installation.
Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
Note: Ensure to back up any customized files in your INSTALL_DIR
. You should merge updated files instead of copying them back directly to avoid any regex matching issues. For example, the following directories might contain customized files:
webapps/apiportal/vordel/apiportal
webapps/emc/vordel/manager/app
webapps/emc
system/conf/apiportal/email
system/conf
samples/scripts/
tools/filebeat-VERSION-PLATFORM
INSTALL_DIR/apigateway/system/lib/modules
INSTALL_DIR/analytics/system/lib/modules
INSTALL_DIR/apigateway/platform/jre
kpsadmin
), and that the JAVA_HOME
variable is set correctly in
cassandra.in.sh
and
cassandra.in.bat
.setcap -r INSTALL_DIR/apigateway/platform/bin/vshell
If FIPS mode is enabled, you must also perform the following steps to install the service pack :
togglefips --disable
to turn FIPS mode off.togglefips --enable
to turn FIPS on again.This section describes how to install the service pack on existing installations of API Gateway or API Manager.
Note:
To install the service pack on your existing API Gateway 7.7 server installation, perform the following steps:
INSTALL_DIR/ext/lib
and INSTALL_DIR/META-INF
directories (or the ext/lib
directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.ls -l INSTALL_DIR/apigateway/posix/bin
apigateway
directory in your existing installation directory . For example:tar -xzvf APIGateway_7.7_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/apigateway/
apigateway
directory in your installation: INSTALL_DIR/apigateway
bash
command, and ensure that the correct permissions are set:apigw_sp_post_install.sh
Note :
To install the service pack on your existing API Gateway Analytics 7.7 installation, perform the following steps:
ls -l INSTALL_DIR/analytics/posix/bin
analytics
directory in your existing API Gateway 7.7 installation directory. For example:tar -xzvf APIGateway_7.7_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/analytics/
INSTALL_DIR/analytics
apigw_analytics_sp_post_install.sh
Note:
To install the service pack on your existing Policy Studio installation, perform the following steps:
INSTALL_DIR/policystudio
directory.INSTALL_DIR/policystudio/jre
policystudio
directory in your existing API Gateway 7.7 installation directory. For example: tar -xzvf APIGateway_7.7_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/policystudio/
policystudio -clean
Note : The -clean option is needed the first time you start Policy Studio after installing the service pack.
To install the service pack on your existing Configuration Studio installation, perform the following steps:
INSTALL_DIR/configurationstudio
directory.INSTALL_DIR/configurationstudio/jre
configurationstudio
directory in your existing API Gateway 7.7 installation directory. For example: tar -xzvf APIGateway_7.7_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/configurationstudio/
configurationstudio
-clean
Note : The -clean option is needed the first time you start Configuration Studio after installing the service pack.
The following steps apply after installing the service pack.
To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:
INSTALL_DIR/system/conf/jvm.xml
file: <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell
to allow the API Gateway to listen on privileged ports.
For more details on configuring API Gateway to run on privileged ports, see the API Gateway Administrator Guide.
Notes:
The JRE included in API Gateway disables undesirable cipher suites when using SSL/TLS by default. Users using RSA Access Manager (formerly known as RSA ClearTrust) with API Gateway may experience SSL/TLS handshake issues where no common cipher suites can be found. In this case, you should reconfigure SSL/TLS of the RSA Access Manager to support stronger cipher suits. Alternatively, you can re-enable the anonymous cipher suites in JRE for successful SSL/TLS connections with the RSA Access Manager as follows:
anon
from the jdk.tls.disabledAlgorithms
Java security property in the INSTALL_DIR/Linux.x86_64/jre/lib/security/java.security
fileThe JRE included in API Gateway enables endpoint identification algorithms for LDAPS (secure LDAP over TLS) by default to improve the robustness of the connections. This may cause API Gateway LDAP filters to fail to connect to an LDAPS server. In this case, you can disable endpoint identification using a new system property (com.sun.jndi.ldap.object.disableEndpointIdentification):
<VMArg
name="-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"/>
line to the INSTALL_DIR/system/conf/jvm.xml
fileWhen API Manager is installed, you must run the update-apimanager
script after the API Gateway post-install script to ensure that all paths are up-to-date.
Caution: Before executing the update-apimanager script:
This script updates the active deployment in the API Manager group. After running the script, you must recreate the API Manager project (common project, containing Server Settings) from the deployment, so that you won't need to revert the changes the next time you perform a project deployment.
As an alternative to recreating the API Manager project, you can deploy only your common project to a development server and run the update-apimanager script against it, and create a new common project from this gateway instance. Then, you must deploy your updated policies to your API Manager group.
Tip: You can run this command once at the API Gateway group level, instead of on every API Gateway instance, for example:
/opt/Axway-
7.7/apigateway/posix/bin/update-apimanager
--username=admin --password=MY_PASSWORD --group=API_MGR_GROUP
If the API Gateway group is protected by a passphrase, you must append the above command with --passphrase=API_MGR_GROUP_PASSPHRASE
The following command shows an example of running the update-apimanager
script when the Client Application Registry is installed:
/opt/Axway-
7.7/apigateway/posix/bin/update-apimanager
--username=admin --password=MY_PASSWORD --group=API_MGR_GROUP
--productname=clientappreg
If the API Gateway group is protected by a passphrase, you must append the above command with --passphrase=API_MGR_GROUP_PASSPHRASE
If a fed file is provided as part of building the API Manager EMT container, you must follow these steps to update the fed with the Service Pack API Manager configuration:
1. Install the Service Pack on a installation of the gateway.
2. Run /opt/Axway-
7.7/apigateway/posix/bin/update-apimanager
--fed <path to file>.fed
. There is no need to run any API Manager instances.
The fed now contains the Service Pack updates for the API Manager configuration and can be used to build EMT containers.
Find all documentation for this product version in the Axway Documentation portal at https://docs.axway.com.
The following reference documents are also available from the Documentation portal:
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support at https://support.axway.com.
Copyright © 2019 Axway. All rights reserved.