You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As the security administrator, I want only authorized services to be able to register into the APIML.
Acceptance criteria:
Only services that have a certificate trusted by APIML can communicate with discovery service
Internal APIML services (API Catalog, Gateway, Discoverable Client) provide correct client certificate to the discovery service
The certificate generated by the CM script is usable for DS
HTTPS for DS is on by default, can be switched off by using a different Spring profile
Provides good error handling in the following situations:
Wrong configuration of services (missing certificate, an invalid path to the certificate, invalid protocol, password...)
Wrong key alias - expected behavior: Server stops and there is an exception that that clearly describes @taban03
Other were tested by @plavjanik and they result in failure (DS stops) and informative exceptions
Untrusted certificate of a service (reported once in the DS, reported nicely in the service) - moved to error handling story because of infrastructure dependency
Issue by plavjanik
Thursday Oct 25, 2018 at 13:23 GMT
Originally opened as https://github.com/gizafoundation/api-layer/issues/196
As the security administrator, I want only authorized services to be able to register into the APIML.
Acceptance criteria:
Notes:
The text was updated successfully, but these errors were encountered: