I have a proxy that authenticates against ADFS where the API Gateway validates that JWT and calls the API provider. I want the backend call to have a trust relationship. How do I do that?
hi John
I'm not clear on what problem you're seeing. You want the backend to "have a trust relationship". What does that mean?
For transport-level security, you can enforce TLS on the southbound connection. This is set in the HTTPTargetConnection configuration. The relevant documentation is here: https://docs.apigee.com/api-platform/system-administration/configuring-ssl-edge-backend-service
You should include a stanza like this:
<TargetEndpoint name="default">
  …
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <TrustStore>ref://myTrustStoreRef</TrustStore>
    </SSLInfo>
    <URL>https://myservice.com</URL>
  </HTTPTargetConnection>
  …
</TargetEndpoint>
And you must create that TrustStore reference, and the truststore it refers to. (sorry)
And then of course embed your CA chain into the TrustStore.
If you want 2-way TLS, then you need to upload a key and also specify a KeyStore there.
If you want something based on the JWT, that is a different matter.
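The TLS settings described in the answer above can be checked before a proxy is deployed. The following is an added example, not part of the original thread or of Apigee's tooling: `check_target_tls` is a hypothetical helper, the sample XML strings are constructed, and `ClientAuthEnabled`, `KeyStore`, `KeyAlias` and `IgnoreValidationErrors` are SSLInfo elements from the Apigee documentation rather than from the stanza on this page.

```python
import xml.etree.ElementTree as ET

def check_target_tls(xml_text):
    """Return a list of findings for one TargetEndpoint definition."""
    conn = ET.fromstring(xml_text).find("HTTPTargetConnection")
    if conn is None:
        return ["no HTTPTargetConnection element"]
    findings = []
    url = (conn.findtext("URL") or "").strip()
    if not url.lower().startswith("https://"):
        findings.append("URL is not https")
    ssl = conn.find("SSLInfo")
    if ssl is None:
        return findings + ["no SSLInfo element"]

    def text(tag):
        return (ssl.findtext(tag) or "").strip()

    if text("Enabled").lower() != "true":
        findings.append("SSLInfo/Enabled is not true")
    if not text("TrustStore"):
        findings.append("no TrustStore for the backend CA chain")
    if text("IgnoreValidationErrors").lower() == "true":
        findings.append("IgnoreValidationErrors is true")
    # 2-way TLS: the proxy needs its own key, as the answer notes.
    if text("ClientAuthEnabled").lower() == "true":
        if not text("KeyStore"):
            findings.append("2-way TLS without KeyStore")
        if not text("KeyAlias"):
            findings.append("2-way TLS without KeyAlias")
    return findings

# Constructed samples: the stanza from the answer, and two weak variants.
GOOD = """<TargetEndpoint name="default"><HTTPTargetConnection>
  <SSLInfo><Enabled>true</Enabled>
    <TrustStore>ref://myTrustStoreRef</TrustStore></SSLInfo>
  <URL>https://myservice.com</URL>
</HTTPTargetConnection></TargetEndpoint>"""
PLAIN = """<TargetEndpoint name="default"><HTTPTargetConnection>
  <URL>http://myservice.com</URL>
</HTTPTargetConnection></TargetEndpoint>"""
MTLS_NO_KEY = GOOD.replace(
    "<Enabled>true</Enabled>",
    "<Enabled>true</Enabled><ClientAuthEnabled>true</ClientAuthEnabled>")

if __name__ == "__main__":
    for name, doc in [("GOOD", GOOD), ("PLAIN", PLAIN),
                      ("MTLS_NO_KEY", MTLS_NO_KEY)]:
        print(name, check_target_tls(doc))
```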