Mid server and Web services through proxy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2017 04:18 AM
Hi!
In one of the integrations we are currently working on, we have the following structure:
The target environment can be accessed and queried through rest (we just do 'gets' here)
To access the target environment, we need to go through a proxy.
Due to security restrictions, we are not allowed to install a mid server inside the target environment (and.. in this case, no is no).
Playing around with the platform, we are trying to identify how would we 'pass' that proxy, we end up dealing with the construction of a httpClient object to raise the getmethod from there, but unfortunately, we couldn't find any documentation on how to add the proxy credentials and the proxy set up to build the header correctly.
Somehow, the structure to build the request without the proxy is the following one:
var GetMethod = Packages.org.apache.commons.httpclient.methods.GetMethod;
var GlideHTTPCient = Packages.com.glide.communications.HTTPClient;
var httpClient = new GlideHTTPCient();
var getMethod = new GetMethod(this.setRestEndPoint());
var httpStatus = httpClient.executeMethod(getMethod);
var response = getMethod.getResponseBodyAsString();
getMethod.releaseConnection();
var responseHeaders = getMethod.getResponseHeaders();
var status = getMethod.getStatusCode();
return (response);
Any idea/suggestion on how to
1st add the proxy to the http header
2nd add the credentials to authenticate in the proxy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2017 04:56 AM
As a matter of interest... does this security restriction actually prevent you from supporting the target environment? Or is the objective simply to obtain information over REST (via the proxy) then pass that on?
Sadly, MIDs require a line-of-sight to items they're discovering/monitoring. If that LoS is hampered by a proxy, you're compromising the communication channels.
An alternative is to have a transparent proxy running and have the MID server point at it as a default gateway, so all traffic is routed out that way. That could then authenticate to the proxy if needed. It's a convoluted process, but it's shifting the responsibility for traffic redirection and authentication away from the MID and onto another layer so the MID doesn't need to worry about it.
But it's an interesting setup you have there. I'd be curious to know how else this would be achieved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2017 06:06 AM
Hi Dave,
It is an integration.. which means the target environment has its own team supporting, that is why we just can retrieve the data through a REST API (actually is one way, we getting the data).
And.. again, due to security restrictions (corporations..) we can't change anything from the proxy
Being a http request, I though we would be able to set up the header to overcome the proxy.. but thats the thing, we haven't found the right way to do it as documentation here is not too clear :S
Lets see if can get the answer for this!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2017 02:31 AM
Hi Hector,
I am having the very same setup for a client. Was wondering if you got any update on this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-05-2017 04:12 AM
Unfortunately, no luck here
