Publish Web API

In the Policy Manager, Web API and non-SOAP applications are published using the Publish Web API Wizard. This wizard guides you through the publication process, allowing you to enter connection and routing information and access credentials for the application. You can also publish a REST service proxy using the Publish REST Service Proxy Wizard.

gateway91

Publishing the application adds it to the Services and Policies list, establishes the non-SOAP application's initial policy in the policy development window, and allows authorized clients to access the application through the Gateway. After publication, you can modify the Gateway URL that receives requests for the application, if necessary. You can also modify the properties of the service.

(1) The Policy Manager differentiates between SOAP web services and non-SOAP applications. To publish, edit, or view a SOAP web service, see Publish SOAP Web Service. Non-SOAP policies do not support the message-level security assertions found in the XML Security assertions. (2) Publishing a non-SOAP application creates a default policy that contains an implicit "All Assertions Must Evaluate to True" composite folder that is not visible. If this assertions has been placed in security zone, ensure that you have at least Read permission to that assertion (for example, you have the "Manage X Zone" role.)

Publish Web API Wizard

The Publish Web API Wizard is used to publish any non-SOAP application.

To access the Publish Web API Wizard, do any of the following:

Click Publish Web API Wizard
on the Policy Manager Home Page.

Select [Tasks
] > Services and API > Publish Web API
from the Main Menu.

Right-click a folder within the Services and Policies list and then select Publish Web API Wizard
.

Complete the wizard as described below.

Wizard Step	Description
Step 1: Service Information	The Service Information screen specifies the connection and routing information for the application or service. Service Name: Enter a name for the non-SOAP application. Upon publication, this name will appear on the Services and Policies list. Target URL: Enter the full HTTP URL of the application. The Gateway will route service requests to this target URL. Upon publication, this URL will appear as a Route via HTTP(S) assertion in the application's initial policy. You may leave the Target URL blank if you intentionally do not want to create an HTTP endpoint. For example, an endpoint is not necessary if you plan to use the Return Template Response to Requestor Assertion to the policy. In this case, you may disregard the validation warnings about missing routing assertions. Gateway URL: Complete the Gateway URL provided by the Policy Manager with a unique URI that corresponds to the unique address that will receive requests for the application. Only enter a URI that completes the embedded Gateway URL into the field. For example, if you are connected to Gateway machinename.domain.com/xml/ , you might enter "Warehouse" as the URI into the Gateway URL field. In this example, the final application-specific URL that will receive requests would be machinename.domain.com/xml/Warehouse. When publishing a RESTful web service, the Gateway URL must contain a wildcard (for example, "/restentrypoint/*").
Step 2: Access Control	The Access Control screen allows you to define access control and authentication rules for the non-SOAP application. Optionally select the Require SSL/TLS Encryption check box to require that all requestors consume the application through the SSL entry point. Choose an access control option: Select Allow Anonymous Access to permit requestors to access the application anonymously (without credentials) Select Require Users to Authenticate to require that requestors provide credentials to gain application access. Define the authentication details for this option as follows: Authentication Method: Select an authentication method from the drop-down list. This determines what information users and groups are required to provide to gain application access. Identity Provider: Select an identity provider that contains the authorized users and groups from the drop-down list. When requiring users to authenticate, the access will be restricted to the identity providers indicated above. The policy will initially be populated with an authentication assertion for each Authenticate User or Group assertion corresponding to each selected identity. Specify which users and groups are authorized to use the application by moving them between the No Permission and Have Permission lists. Grant permission by selecting entries from No Permission and then clicking [Add ]. Alternatively, click [Add All ] without selecting any entry to authorize everyone on the list. Deny permission by selecting entries from Have Permission and then clicking [Remove]. Alternatively, click [Remove All] without selecting any entry to deny permission to everyone on the list. If you need to authorize users or groups from another identity provider, select the new provider name from the Identity Provider drop-down list and then repeat step 3. Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone". For more information about security zones, see Understanding Security Zones. This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones). Click [Finish ]. The application or service is added to the Services and Policies list. (1) If you've specified a conflicting service resolution, you are given the option proceed as is or cancel the publishing. (2) It is recommended that you disable the published application until its policy is completed. See Published Service Properties for instructions.

Wizard Step

Description

Step 1: Service Information

The Service Information screen specifies the connection and routing information for the application or service.

Service Name:
Enter a name for the non-SOAP application. Upon publication, this name will appear on the Services and Policies list.

Target URL:
Enter the full HTTP URL of the application. The Gateway will route service requests to this target URL. Upon publication, this URL will appear as a Route via HTTP(S) assertion in the application's initial policy.

You may leave the Target URL blank if you intentionally do not want to create an HTTP endpoint. For example, an endpoint is not necessary if you plan to use the Return Template Response to Requestor Assertion to the policy. In this case, you may disregard the validation warnings about missing routing assertions.

Gateway URL:
Complete the Gateway URL provided by the Policy Manager with a unique URI that corresponds to the unique address that will receive requests for the application. Only enter a URI that completes the embedded Gateway URL into the field. For example, if you are connected to Gateway machinename.domain.com/xml/ , you might enter "Warehouse" as the URI into the Gateway URL field. In this example, the final application-specific URL that will receive requests would be machinename.domain.com/xml/Warehouse.

When publishing a RESTful web service, the Gateway URL must contain a wildcard (for example, "/restentrypoint/*").

Step 2: Access Control

The Access Control screen allows you to define access control and authentication rules for the non-SOAP application.

Optionally select the Require SSL/TLS Encryption
check box to require that all requestors consume the application through the SSL entry point.

Choose an access control option:

Select Allow Anonymous Access
to permit requestors to access the application anonymously (without credentials)

Select Require Users to Authenticate
to require that requestors provide credentials to gain application access. Define the authentication details for this option as follows:

Authentication Method:
Select an authentication method from the drop-down list. This determines what information users and groups are required to provide to gain application access.

Identity Provider:
Select an identity provider that contains the authorized users and groups from the drop-down list.

When requiring users to authenticate, the access will be restricted to the identity providers indicated above. The policy will initially be populated with an authentication assertion for each Authenticate User or Group assertion corresponding to each selected identity.

Specify which users and groups are authorized to use the application by moving them between the No Permission
and Have Permission
lists.

Grant permission by selecting entries from No Permission and then clicking [Add
]. Alternatively, click [Add All
] without selecting any entry to authorize everyone on the list.

Deny permission by selecting entries from Have Permission and then clicking [Remove]. Alternatively, click [Remove All] without selecting any entry to deny permission to everyone on the list.

If you need to authorize users or groups from another identity provider, select the new provider name from the Identity Provider drop-down list and then repeat step 3.

Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone". For more information about security zones, see Understanding Security Zones.

This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones).

Click [Finish
]. The application or service is added to the Services and Policies list.

(1) If you've specified a conflicting service resolution, you are given the option proceed as is or cancel the publishing. (2) It is recommended that you disable the published application until its policy is completed. See Published Service Properties for instructions.

Tasks/Manage Menu: Publish Services and APIs

CA API Gateway 9.3

Publish Web API