Submit telemetry via gateway mode on HTTP & MQTT adaptors - eclipse-hono

I can create things, set up connections and apply the connection policy to the thing so I can submit telemetry from a thing via HTTP and MQTT and receive it on my MQTT server/connection. I've got all this working.
But when I try to switch to using gateway mode via HTTP or MQTT adaptor it no longer works.
I'm not sure how to authorise a thing to act on behalf of another thing.
When I use the HTTP adaptor I get "gateway unknown, disabled or not authorized to act on behalf of device".

As Kai Hudalla pointed out, when registering a device you can set the via property to authorise a gateway to act on its behalf, and it's documented at https://docs.bosch-iot-suite.com/hub/general-concepts/gatewaymode.html

Related

Azure APIM and Websocket JWT Validation

I have an Azure API Management (APIM) (Basic) service set up to authenticate my JWT tokens over HTTP query connections via the validate-jwt plugin, and that works fine. I would like to do the same JWT token validation using a WebSocket connection over APIM.
The best I can get with websockets is the typical subscription-key querystring validation. After reading that WebSocket clients (like Apollo's WebSocketLink) only allow query string params as opposed to header modifications (potentially due to browser restrictions?), I tried passing an "authorization" query string pair in, but validate-jwt seems to misread that too (the websocket connection fails).
Microsoft does appear to advertise JWT validation on the docs website (https://learn.microsoft.com/en-us/azure/api-management/websocket-api)
but I can't find a clear example to show how that's expected to work.
Any suggestions (especially if you've gotten this to work)? Thanks!
You can use it as below in the handshake operation but once the handshake is done the http request is upgraded to WebSocket so the operation is no longer executed during the web socket connection.
https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT

sending emails via smtp from a server installed as IaaS in azure

I have many application servers (CyberArk, SIEM solution, FortiGate, etc.) installed on Azure as IaaS.
All of them connect to an SMTP server in order to send notifications via mail.
On my on-prem deployments this was not an issue, but on Azure all SMTP communication seems to be blocked.
I created a SendGrid account and tried playing with it, but the SendGrid SMTP server is getting blocked too.
What is the right way to work in this scenario?
I need an SMTP server to integrate with my applications...
What should I do?
thanks,
david
It depends on your type of subscription. For pay-as-you-go, if you want the ability to send email from Azure VMs directly to external email providers (not using an authenticated SMTP relay), you can make a request to remove the restriction. Requests will be reviewed and approved at Microsoft's discretion, and they'll be granted only after additional anti-fraud checks are made. To make a request, open a support case by using the following issue type: Technical > Virtual Network > Connectivity > Cannot send email (SMTP/Port 25). Make sure that you add details about why your deployment has to send mail directly to mail providers instead of using an authenticated relay.

TLS authentication with remote server

I'm trying to implement Express Gateway. What I need to do is publish an API that routes to a TLS authenticated web service.
My question is, how do I configure the gateway so I can achieve this flow:
1- Client sends a request to http://my.api
2- Gateway takes the HTTP request and sends it to a TLS authenticated web service
3- Take the response and send it back to the client
My apologies for the poor English.
I guess there's nothing special here, just make the gateway listen on the http interface and use the proxy policy to the https server targeting.

Using and securing rabbitmq mqtt websocket and use it in browser

We need some async workers for some 1-2 min tasks and then provide the user feedback from these tasks.
The idea would be to use the rabbitmq mqtt websocket plugin and provide the user feedback directly in the browser when the calculations are done.
For our "old" stack we have some api endpoints as a layer between the user (browser) and rabbitmq services which more or less act as fire and forget.
As mentioned, we now need to provide feedback, where we thought it would be great to use websockets (rabbitmq mqtt plugin).
But we are wondering how do we secure the exposed websocket endpoint for each user? Currently it's not a problem as we have amqps clients with X.509.
Our new feature needs to have public access, so we cannot auth the user beforehand.
Is there a way to directly and securely use the exposed endpoint or do we need a layer in between as we have now?
The RabbitMQ Web MQTT plugin supports TLS. You can then use a username / password to authenticate the user, or use client certificates.
If you need public access then there is no way to secure the endpoint. This applies to all MQTT brokers, not just RabbitMQ.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
If you use a pluggable authentication source (sorry, not familiar with what RabbitMQ offers here), e.g. one that stores user/password in a database, then you can generate a short-lived set of credentials for each session, and the webpage can request these from the server via a REST API and then use these to authenticate the MQTT connection over WebSockets.
This means that credentials are only exposed for a short time as temporary variables in the browser, and can be revoked easily as soon as the web session/actions are complete.
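
The short-lived credential idea from the answer above, as an added example that is not part of the original posts. It swaps the database lookup for an HMAC-signed username/password pair so the authentication backend can check expiry without shared state; the function names, the `feedback/<session>` topic and the revocation set are assumptions made for illustration.

```javascript
// Added example (Node.js): per-session MQTT credentials that expire.
const crypto = require('crypto');

// Assumption: key shared by the REST API that issues credentials and the
// broker's authentication backend that checks them. Constructed value.
const SECRET = crypto.randomBytes(32);

function sign(username) {
  return crypto.createHmac('sha256', SECRET).update(username).digest('hex');
}

// Called by the REST endpoint once a web session exists.
// The username carries the session id and expiry; the password is its MAC.
function issueCredentials(sessionId, ttlSeconds, nowMs = Date.now()) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) throw new Error('bad session id');
  const expires = Math.floor(nowMs / 1000) + ttlSeconds;
  const username = `${sessionId}:${expires}`;
  return { username, password: sign(username) };
}

// Called by the authentication backend on every MQTT CONNECT.
// revoked: Set of session ids whose web session has already finished.
function verifyCredentials(username, password, revoked = new Set(), nowMs = Date.now()) {
  const m = /^([A-Za-z0-9_-]+):(\d+)$/.exec(String(username));
  if (!m) return { ok: false, reason: 'malformed' };
  const expected = Buffer.from(sign(m[0]));
  const given = Buffer.from(String(password));
  // Constant-time compare; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-mac' };
  }
  if (Number(m[2]) * 1000 <= nowMs) return { ok: false, reason: 'expired' };
  if (revoked.has(m[1])) return { ok: false, reason: 'revoked' };
  // Limit the session to its own feedback topic (hypothetical naming).
  return { ok: true, topic: `feedback/${m[1]}` };
}
```

Because the expiry is inside the signed username, a browser that edits it invalidates the MAC; the revocation set only has to hold sessions that ended before their expiry.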

DocuSign connect

I do not know if I missed this information, but it seems to me that nowhere is written what the REST listener should return when it is called by the DocuSign connect.
Should it return a kind of formatted response?
Thank you,
Marco
DocuSign Connect will send an HTTP POST request to the endpoint that you specify for the Connect configuration settings. When your "listener" application that resides at that endpoint receives a message from Connect, it will automatically respond via normal HTTP request/response semantics -- you shouldn't have to do anything (from a coding perspective) to make this happen, since it's just normal request/response behavior for a web application.
