Layer7 API Management

  • 1.  OTK Basic Setup

    Posted Dec 04, 2018 01:47 PM

    Hi there,


    I'm new to the OTK world and was asking to see if anyone could show me how OTK works or is used? Like is there a basic setup format or policy layout or template or outline on what to do? Or what are the steps to take to accomplish that and verify that it works properly?


    I have already installed the MAG and OTK solution kits and have the added assertions and everything for those two solutions.


    I just want to know what are the first steps to building out, creating, setting up OTK for usage and testing? Like what configurations do I need to modify? What assertions to use? What a sample policy outline should look like?


    I have also gone to the OAuth Manager, OAuth Authorization Server, and OAuth v2 Test Client URLs. I tried to also initiate an OAuth handshake and it will tell me that there is an "error: invalid_redirect_uri is invalid" and the description says "One or more redirect_uri values are invalid. Given 'https://<GatewayHost>:8443/oauth/v2/client/authcode?auth=done'"


    What does this mean and why is this occurring when I haven't made any modifications?



  • 2.  Re: OTK Basic Setup

    Broadcom Employee
    Posted Dec 04, 2018 06:12 PM

    Here are a few links that can get you started:

    Problem with OTK 3.5.00 install - relates to the error that you presented. The version may be older than what you are using, but the issue is still the same and can be corrected in the same manner.


    OTK: How to secure API? - general overview of how to include the OAuth pieces into a service


    Secure an API Endpoint with OAuth 2.0 - CA API Management OAuth Toolkit - 4.3 - CA Technologies Documentation - Further documentation on how to secure an API Endpoint


    Sincerely,


    Stephen Hughes

    Broadcom Support



  • 3.  Re: OTK Basic Setup

    Posted Dec 05, 2018 09:36 AM

    I put the callback URL https://ssg920.ca.com:8443/oauth/v2/client/bcp?auth=done in place of the Gateway IP/hostname, ran an OAuth handshake, and still get this same error. Any way to fix this still?



  • 4.  Re: OTK Basic Setup
    Best Answer

    Broadcom Employee
    Posted Dec 05, 2018 09:42 AM

    Hi Tiffany,


    It looks like the first error was related to the OAuth2Client and the 2nd error is referring to the OpenID test client.

    Log in to OAuth Manager and look for the client named OpenID Connect Basic Client Profile. Edit this and make sure the callback URL is set to https://ssg920.ca.com:8443/oauth/v2/client/bcp?auth=done.


    Or, it could be the other way around. Edit the OAuth2Client and make sure the callback is set to https://ssg920.ca.com:8443/oauth/v2/client/authcode?auth=done.


    Where ssg920.ca.com is set to the FQDN of the Gateway.


    Regards,

    Joe
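
    As an added illustration (not code from OTK or from any poster in this thread) of why each test client's registered callback has to match the one it actually sends, character for character, here is a minimal redirect_uri check in Python; the placeholder and FQDN values from the thread are embedded as constructed samples.

```python
from urllib.parse import urlsplit

# Constructed values mirroring the thread: the placeholder form that appears in
# the error text, and the FQDN forms the best answer says to register for the
# two OTK test clients (authcode for OAuth2Client, bcp for the OpenID client).
PLACEHOLDER_CB = "https://<GatewayHost>:8443/oauth/v2/client/authcode?auth=done"
AUTHCODE_CB = "https://ssg920.ca.com:8443/oauth/v2/client/authcode?auth=done"
BCP_CB = "https://ssg920.ca.com:8443/oauth/v2/client/bcp?auth=done"


def redirect_uri_allowed(registered, given):
    """Return (allowed, reason) for a redirect_uri against a client's registered list.

    The comparison is an exact string match, as RFC 6749 section 3.1.2.3 requires
    when full URIs are registered. No prefix, wildcard or host-only matching: a
    looser rule lets an authorization code be delivered to a URL that is not the
    client's own.
    """
    if "<" in given or ">" in given:
        return False, "host is still a '<GatewayHost>' placeholder, not the FQDN"
    parts = urlsplit(given)
    if parts.scheme != "https" or not parts.hostname:
        return False, "redirect_uri must be an absolute https URL"
    if any(r == given for r in registered):
        return True, "exact match with a registered callback"
    return False, "One or more redirect_uri values are invalid. Given '%s'" % given


def diagnose(registered_by_client, given):
    """Per test client, report whether `given` would pass its registration.

    Useful to see that fixing OAuth2Client does nothing for the OpenID Connect
    Basic Client Profile entry (different path: /bcp instead of /authcode).
    """
    return {name: redirect_uri_allowed(cbs, given)[0]
            for name, cbs in registered_by_client.items()}


if __name__ == "__main__":
    before = {"OAuth2Client": [PLACEHOLDER_CB],
              "OpenID Connect Basic Client Profile": [BCP_CB]}
    after = {"OAuth2Client": [AUTHCODE_CB],
             "OpenID Connect Basic Client Profile": [BCP_CB]}
    for label, reg in (("before edit", before), ("after edit", after)):
        print(label, diagnose(reg, AUTHCODE_CB))
```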



  • 5.  Re: OTK Basic Setup

    Broadcom Employee
    Posted Dec 05, 2018 04:45 PM

    The steps to modify the OAuth test clients, basically changing the callback URLs, are described here:


    Verify the Installation - CA API Management OAuth Toolkit - 4.2 - CA Technologies Documentation


    Cheers - Mark