Hi Team,
We have issue with test connection for webservice connectors, as part of that we are asked to add one proxy address in VA.
I would greatly appreciate if someone could guide me the process of adding that .
Thanks,
Divya
Uncomment the lines below and enter URL values, with port for both the http and https proxy
Note: You must reboot the VA for these settings to take effect (‘sudo restart’)
http_proxy: http://:@:8080/
http_proxy: https://:@:8080/
1 Like
Hi @Manish4031 ,
Thank you for the suggestion.
We have other proxy added in proxy.yaml file.
if i need to add other one with TCP 443 . how can i add?
Thanks,
Divya
Hi @Divya_Kusumula03 , Can’t you add your web server’s hostname to the whitelist of the proxy you’re already using?
Hi @MeKhalbi
Could you please suggest on how can i add that?
Thanks,
Divya
You might need support from your network admin to whitelist the URL for your web server same as you did for the tenant URL or the other URL that need to be whitelisted as part of the VA config System and Network Requirements - SailPoint Identity Services.
If your web server is hosted internally in the same network as the VA, I would just configure the hostname in the proxy config file as per the documentation:
For example, you might have a custom connector that needs to reach locally-hosted APIs. In this case, add the following line to the
proxy.yamlfile:
no_proxy: <host1>|<host2>
Hi @MeKhalbi ,
Thank you for the reply!
We tried with no_proxy Option, unfortunately it didnt work.
Thanks,
Divya
Hi @Divya_Kusumula03 ,
Please ensure that the hostnames are used as is. The paramter no_proxy is case sensitive.
Thanks,
Shailee
Hi @shaileeM ,
Yes, it is added as is.
However our proxy.yaml file looks like this before and after adding new proxy
before (Sample Values)
https_proxy: http://11.44.112.0:80/
http_proxy: http://11.44.112.0:80/
After (Sample Values)
https_proxy: http://11.44.112.0:80/
http_proxy: http://11.44.112.0:80/
no_proxy: webproxy.abc.xyx.services
Is this correct way of adding the new proxy? please advise.
Thanks,
Divya
Hi @Divya_Kusumula03 can you try changing the host on the no_proxy input from the web proxy hostname to your web web server’s one.
Please refer below post for proxy related doubt.
Hi @MeKhalbi ,
I tried, couldn’t resolve the issue.
Below is the error message found in logs for test connection.
message":“I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {tls}->http://11.44.222.6:80->https://domain.dev.gig.com:443: The target server failed to respond”
Error in UI
Please advise if we can try other ways.
Thanks,
Divya
Hi Divya,
What are the two hosts that you are trying to expemt and so declare in no_proxy? Are they :
- webproxy.abc
- xyz.services
If so, its should be as below in proxy.yaml
no_proxy: webproxy.abc|xyz.services
After changing it, you need to restart the ccg services, before trying the test connection
Thanks,
Shailee
Hi Shailee @shaileeM ,
it is single host we are trying to exempt, which is webproxy.abc.xyx.services.
we did VA reboot after doing the changes.
Thanks,
Divya
Hi Divya,
Seems like no_proxy environment variable is not getting updated in your VA.
Can you check the environment variables using below command :
env | grep -ia "no_proxy"
If the result is empty, I would suggest to manually export the no_proxy variable :
- Export the no_proxy parameter manually using following command :
export no_proxy=webproxy.abc.xyz.services
- Restart ccg service
- Verify the environment variable again above env command
- Test connection
Hope this helps.
Hi
You have to white list your target IP with host name in the hosts.yaml file.
Path : /home/sailpoint/hosts.yaml
The file looks like below
hosts:
10.xx…xx.xx:
- sample.demo.com
- sample
Here first line is your Target app IP address
2nd line is full host name of your target application
3rd line is your host name before the . Value
Save the file as hosts.yanl and reboot the VA
Thanks,
Siva.K
Hi @shaileeM ,
Just a change in the proxy configuration.
We need to access the destination Via Proxy and the proxy is webproxy.abc.xyx.services.
Existing proxy.yaml config file looks like below
https_proxy: http://11.44.112.0:80/
http_proxy: http://11.44.112.0:80/
Could you please suggest on how can we add the new proxy address in proxy.yaml file to resolve the issue.
Thanks,
Divya
Hi @Divya_Kusumula03 ,
You can add manually by opening the file using vi command and saving it after.
Another option is to use the export command suggested above.
Hi @shaileeM ,
We attempted to update the proxy.yaml file as shown below; however, VA went to inactive state with this change.
https_proxy: http://11.44.112.0:80/
http_proxy: http://11.44.112.0:80/
https_proxy: http://webproxy.abc.xyx.services:443/
http_proxy: http://webproxy.abc.xyx.services:443/
Could you please update us on the correct way to implement this.
Thanks,
Divya