Layer7 API Management

  • 1.  OAuth Authorization Server - missing or duplicate parameters

    Posted Sep 19, 2016 10:50 AM

    Disclaimer: Have been using this all of 2.5 days...so as newb as can be.

     

    The OTK 3.5 was installed and I can get to the manager, create clients + keys etc. Resource owner password creds, client credentials, and SAML bearer test client all work.

     

    However, the "authorization code" flow does not function. It always errors out with the message below after a POST to the ../login. In this case I'm just trying the provided test client at /oauth/v2/client/authcode...tried creating others as well and they all fail with same error.

     

    Steps:

    - I go to https://mytestgateway:8443/oauth/v2/client/authcode

    - I choose the "Authorization Code" option

    - I click "Initiate" under Initiate new OAuth handshake

    - I enter my username + password

    - I am shown the error message invalid_request

     

    ------------------------------

    POST https://mytestgateway:8443/auth/oauth/v2/authorize/login HTTP/1.1

    HTTP/?.? 400 Bad Request
    Server: Apache-Coyote/1.1
    x-ca-err: 3001103
    Cache-Control: no-store

    OAuth 2.0 Authorization Server

    error: invalid_request
    error_description: Missing or duplicate parameters

     

    Logs show this:

    WARNING 609 com.l7tech.server.policy.assertion.composite.ServerHandleErrorsAssertion: 11000: Policy processing caught an exception: RaiseErrorAssertion is stopping execution.

    ------------------------------

     

    Been trying to dig through the docs but nothing stands out for me as to where to go for troubleshooting this. Any pointers would be greatly appreciated...kind of stuck in terms of what to even look for in all this OTK stuff for this problem. 



  • 2.  Re: OAuth Authorization Server - missing or duplicate parameters

    Broadcom Employee
    Posted Sep 19, 2016 11:21 AM

    Hello,

     

    This could be any number of things. To start off with, after installing the OTK did you perform the post-install configuration steps? These are required for the OTK to function properly.

    Post-Installation Tasks - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 



  • 3.  Re: OAuth Authorization Server - missing or duplicate parameters
    Best Answer

    Broadcom Employee
    Posted Sep 20, 2016 08:54 AM

    Hi CBertagnolli,

     

    I agree with Barry and in particular I would take note of the below statement as it seems to be the most frequent cause of this error with new installs:

     

    "The online uuidgenerator.net tool creates a hyphenated UUID value of 36 characters such as: 7b050d4c-3e81-4cfe-894c-e08a49d1fc22. With the hyphens, this UUID is more than 256 bits. Remove the hyphens to create a valid 32 character value for the otk_session_secret_encryption parameter."

     

    Regards,

    Joe



  • 4.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted Sep 20, 2016 09:12 AM

    Thanks for the replies dasjo02 and barry. We worked with a CA engineer yesterday afternoon and it turned out it was indeed the 256-bit issue. It had the hyphens and wasn't exactly 256.



  • 5.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted Feb 22, 2017 04:19 AM

    Hi there,

     

    I am facing a similar issue with OTK 3.5; could you please let me know how it can be fixed?

     

    Thanks,

    Ankush



  • 6.  Re: OAuth Authorization Server - missing or duplicate parameters

    Broadcom Employee
    Posted Feb 22, 2017 11:56 AM

    Hi Ankush,

     

    Can you confirm you have followed the post install steps? The issue here was the value of otk_session_secret_encryption had to be exactly 256-bit / 32 characters.

     

    Post-Installation Tasks - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 

     

    Regards,

    Joe
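
    As an added example (not part of this thread, the OTK or its documentation), a small Python check for the constraint Joe describes: it rejects the hyphenated 36-character UUID quoted above, accepts the same value once the hyphens are stripped, and also shows an assumed alternative that draws the 32-character value straight from the OS random source. The function names, the alphanumeric-only rule and the sample values are mine.

```python
import secrets
import string
from typing import Tuple

# Constraint stated in the thread: otk_session_secret_encryption must be exactly
# 32 characters, which the gateway treats as a 256-bit key (8 bits per character).
REQUIRED_LEN = 32
# Assumption (not from the thread): restrict to [A-Za-z0-9] so the value never
# needs quoting in properties files or shell commands.
ALLOWED = set(string.ascii_letters + string.digits)


def check_session_secret(value: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a candidate otk_session_secret_encryption value."""
    if "-" in value:
        return False, f"contains hyphens: {len(value)} chars, expected {REQUIRED_LEN}"
    if len(value) != REQUIRED_LEN:
        return False, f"length {len(value)}, expected {REQUIRED_LEN}"
    if not set(value) <= ALLOWED:
        return False, "contains characters outside [A-Za-z0-9]"
    return True, "ok"


def uuid_to_session_secret(hyphenated: str) -> str:
    """The fix quoted in the thread: drop the hyphens from a 36-char UUID.

    Note: a random (v4) UUID carries only 122 random bits, so the resulting
    32 hex characters hold less entropy than their 256-bit length suggests.
    """
    return hyphenated.replace("-", "")


def generate_session_secret(length: int = REQUIRED_LEN) -> str:
    """Assumed alternative (not from the thread): 32 chars from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample: the hyphenated UUID quoted in Joe's reply.
    raw = "7b050d4c-3e81-4cfe-894c-e08a49d1fc22"
    print(raw, check_session_secret(raw))
    fixed = uuid_to_session_secret(raw)
    print(fixed, check_session_secret(fixed))
    fresh = generate_session_secret()
    print(fresh, check_session_secret(fresh))
```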



  • 7.  Re: OAuth Authorization Server - missing or duplicate parameters

    Posted Feb 24, 2017 04:09 AM

    Hi Joe,

     

    Yes, I have performed the steps:

     

    *************

    A client with the following properties is seeking access to resources:

    Client Name:OAuth2Client
    SCOPE (permissions):oob

    Please grant or deny the request

    *************

     

    On clicking, I get the error below:

    ******************************

    2017-02-24T14:37:49.769+0530 INFO 1836 com.l7tech.server.message: Processing request for service: OAuth 2.0 Client - authorization_code [/oauth/v2/client/authcode*]
    2017-02-24T14:37:49.771+0530 INFO 1836 com.l7tech.server.policy.assertion.credential.http.ServerCookieCredentialSourceAssertion: 4100: Authentication required
    2017-02-24T14:37:49.772+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${dbsystem} is equal to cassandra
    2017-02-24T14:37:49.773+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${cacheKey} is not empty
    2017-02-24T14:37:49.774+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${clearSessionForm} is not empty (case sensitive)
    2017-02-24T14:37:49.776+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${action} is equal to refresh (case sensitive)
    2017-02-24T14:37:49.777+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${action} is equal to callapi (case sensitive)
    2017-02-24T14:37:49.778+0530 WARNING 1836 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to https://api92.gateway.com:8443/auth/oauth/v2/token. Error msg: Unable to obtain HTTP response from https://api92.gateway.com:8443/auth/oauth/v2/token: No route to host
    2017-02-24T14:37:49.784+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7101: Comparison did not match: ${action} is equal to clearSession (case sensitive)
    2017-02-24T14:37:49.793+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7103: At least one comparison value was null
    2017-02-24T14:37:49.795+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7103: At least one comparison value was null
    2017-02-24T14:37:49.798+0530 INFO 1836 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion: 7103: At least one comparison value was null
    2017-02-24T14:37:49.803+0530 WARNING 1836 com.l7tech.server.message: Message processed successfully

    ******************************

    Does the scope have to be "oob"?

     

    Kindly advise.

     

    Thanks,

    Ankush



  • 8.  Re: OAuth Authorization Server - missing or duplicate parameters

    Broadcom Employee
    Posted Feb 26, 2017 06:49 PM

    Hello Ankush,

    "No route to host" is another problem, and it should be a network problem.

    Is api92.gateway.com the hostname of the current gateway? Is it an external name or an internal name? Can you ping api92.gateway.com from the current gateway?

     

    Regards,

    Mark