Whitelisting of URLs (What URLs are required by OAG)
gianlucafrei edited this page Mar 11, 2021 · 3 revisions
In general, you will have to whitelist (i.e. in the firewall or WAF in front of OAG) the following URLs:
- /auth** -> allows authentication (login using a given provider, OIDC callback, logout)
- all your API/web calls that should be available publicly (i.e. the routes you configured for your services)
- /.well-known/jwks** -> the API where downstream systems (i.e. your services) can get the public keys to verify the JWT signatures of OAG
- /oag/cluster** -> internal OAG communication for cluster synchronization (when using multiple OAG instances)
- /oag/admin** -> the admin UI of OAG, where temporary manual config overrides may be made
- /oag/monitoring** -> monitoring / status information of OAG
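A prefix allowlist like the one above only holds if the path is canonicalized before it is matched. The following is an added example, not OAG code: it assumes `**` means "any suffix", uses a constructed `/api/**` entry in place of your own service routes, and runs on constructed sample request targets.

```python
import posixpath
import re
from urllib.parse import unquote

# URL patterns from the list above. Assumption: "**" means "any suffix".
OAG_PATTERNS = ["/auth**", "/.well-known/jwks**", "/oag/cluster**",
                "/oag/admin**", "/oag/monitoring**"]
# Constructed placeholder for "the routes you configured for your services".
SERVICE_PATTERNS = ["/api/**"]


def compile_pattern(pattern):
    """Compile a pattern into a regex; only '**' is treated as a wildcard."""
    literal_parts = [re.escape(part) for part in pattern.split("**")]
    return re.compile(".*".join(literal_parts))


RULES = [compile_pattern(p) for p in OAG_PATTERNS + SERVICE_PATTERNS]


def canonical_path(request_target):
    """Return the decoded, dot-segment-free path, or None if it is ambiguous."""
    raw_path = request_target.split("?", 1)[0].split("#", 1)[0]
    if not raw_path.startswith("/") or "%2f" in raw_path.lower():
        return None  # not an origin-form path, or it hides an encoded slash
    decoded = unquote(raw_path)
    if any(ch in decoded for ch in ("%", "\\", "\x00")):
        return None  # double encoding, backslash or NUL byte
    trailing = "/" if decoded.endswith("/") else ""
    path = posixpath.normpath("/" + decoded.lstrip("/"))
    return path if path == "/" else path + trailing


def is_allowed(request_target):
    """True only if the canonical path fully matches an allowlist rule."""
    path = canonical_path(request_target)
    return path is not None and any(rule.fullmatch(path) for rule in RULES)


if __name__ == "__main__":
    # Constructed sample request targets.
    for target in ["/auth/google/login", "/.well-known/jwks", "/api/orders?id=1",
                   "/auth/../internal/status", "/auth/%2e%2e/internal/status",
                   "/favicon.ico"]:
        print(f"{target:32} -> {'allow' if is_allowed(target) else 'deny'}")
```

The two `/auth/..` targets start with an allowed prefix but resolve outside it, so they are denied once the path is canonicalized.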
This Wiki contains the documentation of the OWASP Application Gateway (OAG). If you think that we missed something, please add an issue on GitHub.
There is also Swagger documentation of all OAG endpoints available online: https://app.swaggerhub.com/apis-docs/gianlucafrei/OAG/0.4#/