-
Cisco ACE XML Gateway User Guide (Software Version 6.0)
-
Preface
-
Introducing the Cisco ACE XML Gateway
-
Basic Concepts
-
First Steps
-
Working with Virtual Services
-
Working with Handlers, Routes, and Service Descriptors
-
Controlling Access to Services
-
Authenticating Requests to Backend Systems
-
Editing and Maintaining Virtual Services
-
Using Variables in Paths
-
Validating Messages
-
Processing SOAP Messages
-
XML Encryption and XML Signature
-
Transforming Messages with XSLT
-
Configuring Destination Server Settings
-
Working with Ports and Hostnames
-
Working With JMS Traffic
-
Working with TIB/RV and MQ Services
-
Working with ebXML Traffic
-
Securing Traffic with SSL/TLS
-
Configuring Reactor Processing
-
Caching Service Responses
-
Mapping HTTP Error Responses
-
Setting Global Traffic Rules
-
Securing Web Applications
-
Working with Virtual Web Applications
-
Working with Profiles
-
Developing Rules and Signatures
-
Managing Resource Files
-
Deploying the Policy
-
Managing the Policy
-
Publishing Service Information
-
Monitoring System Status
-
Managing Web Console Users
-
Managing Gateway Clusters
-
Configuring the Manager Web Console
-
Using the ACE XML Manager SOAP API
-
Troubleshooting
-
Log Messages
-
Feedback
Table Of Contents
Obtaining Documentation and Submitting a Service Request
Preface
This preface contains the following major sections:
•
Obtaining Documentation and Submitting a Service Request
Audience
This guide describes how to use the ACE XML Manager web console, the browser-based interface for configuring and administering the ACE XML Gateway and Manager. It is intended for the following personnel who are responsible for configuring, monitoring, and maintaining the Gateway:
•
•
•
Organization
This guide includes the following sections:
Introduces the ACE XML Gateway and Manager, and describes how their capabilities can be used to secure, manage, and accelerate application networking.
Explains background concepts important for understanding how to configure and operate the ACE XML Gateway.
Introduces the ACE XML Manager web console, the development environment for the system. Describes how to get started configuring service routing in the ACE XML Gateway policy.
Describes virtual services, the policy objects that represent external services at the Gateway.
Chapter 5, "Working with Handlers, Routes, and Service Descriptors"
Describes how to define services at the ACE XML Gateway with objects that separately define the consumer and backend server interfaces.
Provides information on setting up authentication and authorization rules in the policy.
Describes how to configure credential generation and mediation for outgoing requests.
Describes how to manage imported WSDLs in the policy, and how to apply updates to the WSDL.
Explains how to handle variable elements in request paths at the consumer interface, and propagate those variables to the URL used to invoke the backend service.
Describes how to check incoming messages to ensure that they are correctly structured and composed.
Describes how to configure the ACE XML Gateway to process and generate web service features in messages.
Lists the steps for encrypting and decrypting message content in W3C XML Encryption format, as well as generating and validating XML signatures.
Describes how to apply content transformation scripts to messages in the form of XSL Transformations.
Provides information on configuring settings for backend server connections.
Describes how to open HTTP listening ports. Describes how to set up virtual hosting for the Gateway
Explains how to route JMS messaging traffic at the Gateway using the JMS add-on extension.
Explains how to route messaging format TIBCO Rendezvous® and IBM MQSeries® traffic at the Gateway using add-on extensions.
Provides information on setting up the policy for processing ebXML traffic.
Describes how to set up the consumer and backend service connections from the ACE XML Gateway to use Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL).
Introduces the high-performance, stream-oriented message processing engine in the ACE XML Gateway, the Reactor.
Describes how to improve system performance by caching responses at the ACE XML Gateway.
Describes the exception mapping behavior of the Gateway and how to customize the exception responses sent to service consumers for service processing errors.
Provides instructions on screening and replacing message content at the ACE XML Gateway.
Describes the concepts behind web application security.
Describes how to use virtual web application to secure web traffic.
Details how to use profiles to define rules for securing and processing a class of traffic.
Provides information on creating your own custom rules and signatures for web application security.
Lists the types of resources used in an ACE XML Gateway policy.
Describes how to deploy the working policy in the ACE XML Manager web console to the ACE XML Gateway, where it is applied to network traffic.
Explains how subpolicies can be used to organize complex policies. Lists the steps for exporting and importing policies as PPF files, as well as how to move objects between policies and subpolicies.
Describes how to advertise that availability of services at the ACE XML Gateway, using standard mechanisms such as WSDL and UDDI.
Overviews the capabilities of the system for providing information on the activities of the system.
Provides information on the user accounts and roles in the ACE XML Manager web console.
Describes how to create and manage multiple clusters of ACE XML Gateways from a single Manager.
Lists the configuration settings that control the behavior and appearance of the ACE XML Manager web console interface.
Provides information on the SOAP programming interface for developing and managing the ACE XML Gateway policy.
Explains how to troubleshoot service and system errors.
Lists error messages generated by the system.
Related Documentation
For additional information on the Cisco ACE XML Gateway software, see the following documentation:
•
•
•
In addition, online help is available from the ACE XML Manager web console. The following sections provide sources for obtaining documentation from Cisco Systems.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Conventions
This document uses the following conventions:
Note
Caution
Warning
Notices
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
4.
5.
6.
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
