I think we have a problem with an OTK+API Portal implementation.
I said "I think" because rigth now we have an error with a certificate before, but by the tests done so far, once we solve the error, we will find a problem.
We hace this implementation Multiple Gateway Scenario - CA API Management OAuth Toolkit - 4.1 - CA Technologies Documentation
but with two API Portal, one in the DMZ and one in the internal zone.
Here is the question...
The clients applications of the DMZ API portal must be able to generate token and validate them against the OTK of the internal zone directly and through the OTK component of the DMZ, is that so?
Thank you in advance for your support.