from Kristen Malzone (CA) to Everyone:
Hi Steve!
from Kristen Malzone (CA) to Everyone:
Welcome to Office Hours!
from Kristen Malzone (CA) to Everyone:
Let's get started!
from Kristen Malzone (CA) to Everyone:
We're here to answer your questions about CA API Management products.
from Kristen Malzone (CA) to Everyone:
There is no audio - just chat in this window.
from Kristen Malzone (CA) to Everyone:
So, who's got the first question?
from sravan to Everyone:
If i'm using the AD for the authentication of my adminstrators, ApiOwners, BusinessManagers and the registeredUsers. Does CA API Portal supports any way to disable the registration of new users from the API Portal home screen
from Kristen Malzone (CA) to Everyone:
@Sravan - Great question!
from Kristen Malzone (CA) to Everyone:
Working on an answer right now...
from Alejandro to Everyone:
i have the snmp tactical package installed, i see that there is a resolution path exposed, but the docs don't indicate what is available at that endpoint. is there anything?
from Carina Ramello to Everyone:
@sravan there's a property to hide/show registration and login links under properties file for the portal
from Mahesh to Everyone:
What are outof the box features CA API Layer7 Gateway has to calculate capacity interms of of transactions it can handle.
from Carina Ramello to Everyone:
the name of the property is "samlSSOEnabled" and the instructions can be found in the portal documentation as well https://docops.ca.com/ca-api-developer-portal/3-5/set-up-the-api-portal/set-up-saml-single-sign-on/set-up-saml-sso-on-the-api-portal
from Dana Crane to Everyone:
another way to do it is to:
from Dana Crane to Everyone:
1. Login as Admin
2. Navigate to /SYSTEM/conf/sitebuilder/packages/layer7/modules/AuthenticatedUser/xsl and edit the file “display.xsl”
from Dana Crane to Everyone:
to suppress the display of the Signup link, you can add the following entry:
#login .signup {display:none;}
from sravan to Everyone:
@Carina Thank you for the answer! Can you please point me to the location of the file.
from Carina Ramello to Everyone:
@sravan sure, it's /SYSTEM/conf/properties.xml
from Aaron Flint to Everyone:
@Alejandro - the SNMP package contains a script, and the script is meant to invoke the policy endpoint that you're referring to. The endpoint will gather stats to be pulled.
from Alejandro to Everyone:
thanks. so, the gateway basically calls itself to update stats?
from Aaron Flint to Everyone:
@Alejandro - exactly, yes
from Aaron Flint to Everyone:
@Mahesh - the Gateway does not provide out of the box capacity calculators, as capacities are highly dependent on individual customer needs and product usage.
from Mahesh to Everyone:
Ok, Np problem..
from Aaron Flint to Everyone:
A good place to start with capacity planning would be support or services (if you're an existing customer), or with sales and pre-sales.
from Aaron Flint to Everyone:
depending on where you are in your sales/deployment cycle.
from Mahesh to Everyone:
could you please share any use case / document you have on capacity management..
from sravan to Everyone:
Is there a way to assign the internal and external roles in API Portal to the same user. This scenario is because if my users are from AD, same user need to have the right to Publish the API (as an ApiOwner) and same time he can create new application and access the APIs (as a registereduser or OrganizationAdmin)
from sravan to Everyone:
Does any documentation provide statistics on how much load each gateway node can handle?
from Carina Ramello to Everyone:
@sravan working on your roles question
from Ben Urbanski to Everyone:
@sravan - Right now in our API Portal v3.5, a user cannot be both an external user and an internal user. However, internal users can both publish APIs and create applications for organizations.
from Aaron Flint to Everyone:
Hi @Mahesh, this is probably something that we should take offline. We have a few documentst that we can share with you to help you plan for your capacity.
from Mahesh to Everyone:
Sure. Kindly reachout to me & pls share those doc too.
from Mahesh to Everyone:
Second Q: How to Append Service using REST management call. I think update will overwite service (/restman/1.0/services/{id}..... is there any tick to Append srvice?
from Aaron Flint to Everyone:
Will do. @sravan, we can do the same for you as well
from Ben Urbanski to Everyone:
@Mahesh - You can POST to the published services resource (i.e. /services) to create (i.e. append) a new service. A PUT will update an existing service.
from sravan to Everyone:
@Ben thank you for the reply! Have you seen a case that when Administrator creates an application who receives the request for the application access. because i have assigned administrator as a registeruser and application administrator creates is going no where. infact no application is created. I'm using the same v3.5 as you specified supported for the internal user
from sravan to Everyone:
@Aaron Thank you.
from sravan to Everyone:
Does CA API Gateway and API Portal support integration with Okta
from Aaron Flint to Everyone:
@sravan, do you mean the OTK (Oauth Toolkit)?
from Ben Urbanski to Everyone:
@sravan - When an administrator creates an application, no notification is created because the same administrator could approve the application.
from Dana Crane to Everyone:
Okta is an SSO vendor
from Dana Crane to Everyone:
Portal 3.5 has support for SSO via our SSO plugin
from sravan to Everyone:
@Ben Sorry API Portal is not creating both application or notification regarding the application created by administrator.
from sravan to Everyone:
@Dana, thank you for the reply. Does it means Okta is suuported with both API Portal and API Gateway
from Aaron Flint to Everyone:
@sravan, while the API Gateway does not specifically test against this particular SSO vendor, you can probably configure the Gateway to authenticate with the tokens that it provides
from Dana Crane to Everyone:
as aaron states, we generically work with any SSO system that can issue a SAML token. Typically, you need to adjust Gateway policy to create the integration
from sravan to Everyone:
@Aaron, Dana Thank you!
from Ben Urbanski to Everyone:
@sravan - An administrator should be able to create applications. If that's not working in your portal, then I suggest opening a support case.
from sravan to Everyone:
@Ben, Thank you! i will ask my team to raise a ticket for support.
from Alejandro to Everyone:
reminder... how can i capture the request/response details for requests? i thought "add audit details" assertion would do it for me, but i don't see any details in my audit. nor do i see request type, size, etc...
from Aaron Flint to Everyone:
@Alejandro, you can do this one of 2 ways.
from Aaron Flint to Everyone:
1. In the "Audit Message in Policy" assertion, there is a checkbox for "save request" and "save response"
from Aaron Flint to Everyone:
if you check these boxes, the request and/or response message will be saved as part of the regular audit record
from sravan to Everyone:
Just for the developer knowledge and overview of the design, Is there any document that provides the code architecture of the Gateway (which gives info on where assertions and policies are stored, what implications when any source code is changed for customization per requirement)
from Aaron Flint to Everyone:
2. You can use the "Add Audit Details" assertion, and reference the request or response as a context variable (I'd have to check which variable it is).
from Aaron Flint to Everyone:
both of these options would add the request and/or response to the regular audit record for each request.
from Alejandro to Everyone:
@Aaron, I tried the first recommendation... But I still don't see the request/response tab enabled.
from Kristen Malzone (CA) to Everyone:
13 minutes left! Get your final questions in now!
from Aaron Flint to Everyone:
@Alejandro - the request/response tab is used if you use method #1
from Aaron Flint to Everyone:
if you use method #2 (which you are), you will see the request and response as part of the details
from Aaron Flint to Everyone:
in the "associated logs" tab
from Alejandro to Everyone:
thought i was using approach #1
from Alejandro to Everyone:
by adding the assertion and ticking the boxes to store request/responses
from Aaron Flint to Everyone:
oh, sorry - you did say that
from Alejandro to Everyone:
should i expect to see anything in the request/response tabs with this approach?
from Aaron Flint to Everyone:
and you're not seeing the request and response tabs for your particular policy? Yes, in this case you should see request and response in those tabs
from Alejandro to Everyone:
they are disabled for my requests.
from Alejandro to Everyone:
audit.messageThreshold is set to INFO
from Aaron Flint to Everyone:
does the request/response appear if you set the audit.messageThreshold to the default WARNING?
from Alejandro to Everyone:
nope
from Alejandro to Everyone:
it defaults to WARNING in the assertion
from Aaron Flint to Everyone:
what type of request are you making to your service? Is it an HTTP GET, or otherwise a request without a body?
from Alejandro to Everyone:
i tried a GET, then a POST... i considered a GET might not have content, but i would definitely expect a POST to have content.
from Aaron Flint to Everyone:
when you sent your POST, what was the content?
from Alejandro to Everyone:
yes
from sravan to Everyone:
Any plan for this chat support for CA API Management product Suite as well (as CA supports for most of other products) to get the quick answers for small questions or to know best practices 24/7?
from Aaron Flint to Everyone:
@Alejandro, it sounds like something is going on, but I'm not sure what - the functionality should work as you describe it. Can you open a support ticket so that they can help you with this?
from Alejandro to Everyone:
thanks, i sure can.. i was just trying to confirm my thinking about the assertion and wondering if i skipped a step somewhere.
from Aaron Flint to Everyone:
@sravan - regarding the question about code design documentation, I don't think we have anything like this (that would be public facing).
from Kristen Malzone (CA) to Everyone:
Alright - that's all the time we have for today! Thanks for joining today. We'll post the transcript from today's chat and next month's session to the CA API Management Community later today:
from Dustin Dauncey (CA) to Everyone:
Hi @sravan, At this time there is no plan to implement this for our product. It is evaluated product-by-product across CA Support.
from Kristen Malzone (CA) to Everyone:
CA API Management Office Hours happen the 2nd Thursday of every month.
from sravan to Everyone:
Thank you Everyone for the help!
from Kristen Malzone (CA) to Everyone:
@Sravan