0

I have a SCEP endpoint (Simple Certificate Enrollment Protocol) which is using simple HTTP GET and POST with parameters, for example:

http://localhost/scepserver/pkiclient.exe?operation=GetCACaps&message=CA

I am trying to implement this API in WSO2 Api Manager with endpoint to my SCEP server. I was trying to do it using "Design a New REST API" but it is not working and I do not want to use JSON in message payload.

How should I define API for SCEP, with example to call endpoint with query parameters?

EDIT:

Trying through curl:

curl -X GET 'http://10.30.9.145:8280/devscep/1/pkiclient.exe?operation=GetCACaps&message=CA' -v

Result:

* Hostname was NOT found in DNS cache
*   Trying 10.30.9.145...
* Connected to 10.30.9.145 (10.30.9.145) port 8280 (#0)
> GET /devscep/1/pkiclient.exe?operation=GetCACaps&message=CA HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 10.30.9.145:8280
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< activityID: 22588072245075117976472
< WWW-Authenticate: realm="WSO2 API Manager"
< Content-Type: application/soap+xml; charset=UTF-8
< Date: Fri, 14 Jul 2017 13:02:16 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host 10.30.9.145 left intact
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Body/></soapenv:Envelope>
user1563721
  • 1,373
  • 3
  • 28
  • 46

1 Answers1

0

In the resources section of the design page, you can define expected query parameters for each resource.

https://docs.wso2.com/display/AM210/Key+Concepts#KeyConcepts-APIresources

Bee
  • 12,251
  • 11
  • 46
  • 73
  • I added to API Definition `GET /pkiclient*` and added query parameters `operation` and `message`. But still, when I am trying to invoke API through API Console, I am getting `"error": "no response from server"`. – user1563721 Jul 14 '17 at 10:54
  • It can happen due to untrusted certs in browser. Try with some other client like curl. – Bee Jul 14 '17 at 11:27
  • Yes, I am trying trough `curl` as `curl -X GET 'http://wso2am:8280/devscep/1/pkiclient.exe?operation=GetCACaps&message=CA' -v`. The result is: see my edit. – user1563721 Jul 14 '17 at 13:03
  • "no response from server" you will get with almost any error response, so use *curl* when possible. What authentication type did you set to your API resource. From the reponse (401 Unauthorized) I'd say you set some authorization level and did not provide any token. Please not basic authentication won't work out of box (the same way as directly with pkiclient.exe) – gusto2 Jul 14 '17 at 14:16
  • now it came to my mind - the pkiclient.exe may do the authentication (NTLM) on its own, so maybe you shall change the API authorization to "None" . I am not sure if proxying the request through the API manager will work with NTLM/SPNEGO when using different host as the SCEP was originally configured. – gusto2 Jul 14 '17 at 14:25