Knime Server API call from Azure API Management

I’ve added the OpenAPI definition generated by Swagger and added it to Azure API Management. This adds in both the GET and POST requests available for the workflow. However, only the GET requests run and return a 200 status. When I try to run the POST requests, it returns a 403 Forbidden status. Here is the error:

<!doctype html><html lang="en"><head><title>HTTP Status 403 – Forbidden</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 403 – Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Potential CSRF</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p><hr class="line" /><h3>Apache Tomcat</h3></body></html>

The same POST request runs fine in Postman with my authentication. My question is: what settings could block the POST requests from Azure API Management? The Azure API IP address is registered on the Knime Server.

Hi @vsung ,

Can you attempt to turn CSRF off in the knime.xml and let me know if this helps:

https://docs.knime.com/2021-06/server_admin_guide/index.html#csrf-prevention

I am seeing in the POST response that it says “Potential CSRF”. Let’s try this and see if the requests from the Azure API are accepted.

Thanks,
Zack

Ok I will ask my admin to test that tomorrow as I do not have access to the Knime server settings. I will let you know the results.

I tried to bypass the CSRF proxy in the Azure test call but it still returns 401 (Please see the attached screenshot).