Saturday, September 10, 2016

Make a fortune out of WSO2 API Cloud

For those who do not know about WSO2 API Cloud:

WSO2 API Cloud is the API management solution in the cloud, hosted by WSO2. In other words, this solution is WSO2's API Manager product as a service. You can try it for free after reading this post.

What you can do with it:

Of course, what you can do is manage your APIs. That is, if you have a REST or SOAP service that you want to expose as a properly authenticated/authorized service, you can create an API in WSO2 API Cloud and proxy the requests to your back-end service with proper authentication/authorization. There are many other features, which you can read about here.

HOW and WHO can make a fortune out of it:

There are many entities who can make a fortune out of API Cloud. But in this post, I am concentrating purely on the system integrators (SIs). They undertake projects to combine multiple components to achieve some objective. These components might involve databases, services, APIs, web UIs, etc.

Now, let's pay attention to publishing a managed API to expose an existing service to be used in the above-mentioned solution. We all know no one will write an API management solution from scratch to achieve this when there are API management solutions available. If an SI decides to go ahead with WSO2 API Cloud, they

1. Can create, publish and test the APIs within hours. If their scenario is complex, it might take a day or two if they know what they are doing and with some help from the WSO2 Cloud team.

2. Don't need to worry about hosting the API, its availability or its scalability.

3. Can subscribe to a paid plan starting from 100 USD per month. See the pricing details.

Now, let's say the SI decided to go ahead with API Cloud and subscribed to a paid plan which costs 100 USD per month. If the SI charges 10,000 USD for this solution, you can see the profit margin. You pay very little and you get a great API management solution in return. If the SI does a couple of such projects, they can make a fortune out of it :)

Wednesday, April 20, 2016

Tomcat returns 400 for requests with long headers

We noticed this while troubleshooting an issue which popped up in WSO2 Cloud. We have configured SSO for the API Publisher and Store at WSO2 Identity Server. SSO was working fine except for one scenario. We checked the SSO configuration and couldn't find anything wrong.

Then we checked the load balancer logs. They revealed that the LB was passing the request to the server, i.e. the Identity Server, but was getting a 400 from it. Then we looked at the Identity Server logs and found nothing printed there. But there were entries in the access log of the Identity Server which told us it was getting the request, but it was not letting it go through. Instead, it was dropping it as a bad request and returning a 400 response.

We searched the internet and found out that this kind of rejection can occur if the header values are too long. In the SAML SSO scenario, there is a referrer header which sends a lengthy value, which was about 4000 characters long. On searching further, we found the property maxHttpHeaderSize in the Tomcat configs, where we can configure the maximum HTTP header size allowed, in bytes. You can read about this config here.

Once we increased that value, everything started working fine. So, I thought of blogging this for the benefit of people using Tomcat and also WSO2 products, since WSO2 products have Tomcat embedded in them.
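The check described above, as an added example that is not from the original post or from Tomcat or WSO2 code: it reads `maxHttpHeaderSize` from a connector configuration and compares it with the size of a request's head. The `server.xml` content, ports, host names, path and header values are constructed, and it assumes the limit is counted over the request line plus all header lines, with Tomcat's default of 8192 bytes when the attribute is absent.

```python
import xml.etree.ElementTree as ET

TOMCAT_DEFAULT_MAX_HEADER = 8192  # bytes; used when a Connector omits the attribute

# Constructed connector configuration (not taken from the post).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="9763" protocol="HTTP/1.1"/>
  <Connector port="9443" protocol="HTTP/1.1" maxHttpHeaderSize="16384"/>
</Service></Server>"""

# Constructed request headers: a long SAML-style Referer plus a large cookie.
SAMPLE_HEADERS = {
    "Host": "idp.example.test",
    "Referer": "https://sp.example.test/acs?SAMLRequest=" + "A" * 4000,
    "Cookie": "session=" + "B" * 4500,
    "User-Agent": "example-agent/1.0",
}

def connector_limits(server_xml):
    """Map each connector port to its effective maxHttpHeaderSize in bytes."""
    root = ET.fromstring(server_xml)
    return {c.get("port"): int(c.get("maxHttpHeaderSize", TOMCAT_DEFAULT_MAX_HEADER))
            for c in root.iter("Connector")}

def head_size(method, target, headers):
    """Bytes in the request line, every header line and the final blank line."""
    lines = [f"{method} {target} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return sum(len(line.encode("utf-8")) + 2 for line in lines) + 2  # +2 per CRLF

def largest_headers(headers, n=2):
    """Header names ordered by value size, largest first."""
    return sorted(headers, key=lambda k: len(headers[k].encode("utf-8")),
                  reverse=True)[:n]

def rejected_on(server_xml, size):
    """Ports whose configured limit is smaller than the request head."""
    limits = connector_limits(server_xml)
    return sorted(port for port, limit in limits.items() if size > limit)

if __name__ == "__main__":
    size = head_size("GET", "/samlsso", SAMPLE_HEADERS)
    print("request head bytes:", size)
    print("largest headers:", largest_headers(SAMPLE_HEADERS))
    print("connector limits:", connector_limits(SERVER_XML))
    print("would answer 400 on ports:", rejected_on(SERVER_XML, size))
```

Neither header in the sample exceeds the default on its own; it is the total that crosses it. Raising the limit enlarges the header buffer Tomcat allocates for each request being processed, so size it to the measured need rather than to an arbitrarily large value.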