About OTK logging

Article ID: 101633

Products

CA API Gateway (Layer 7) SA94 to API SECURITY STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway

Issue/Introduction

Regarding OTK: is it possible to obtain logs that include user information and similar details when authentication is performed?

Environment

CA API Gateway 
CA API Management OAuth Toolkit 

Resolution

In OAuth, "authentication" has two distinct meanings: authentication of the user (the resource owner) and authentication of the OAuth client.


Authentication of the user (resource owner) is performed by the /login API.
When that API is executed, the authentication itself is carried out by the "OTK User Authentication" encapsulated assertion.
If authentication succeeds in this assertion, the resource owner's identity is made available in the context variables ${current.username} and ${resource_owner}.


Authentication of the API client is performed by the /token API.
When that API is executed, the authentication is carried out by the "OTK Client Authentication" encapsulated assertion.
If authentication succeeds in this assertion, the client identifier is made available in the context variable ${client_id}.

These variables can be written to the log in either of the following ways.
  . Create a policy that uses the Add Audit Details assertion to record them in the audit log.
  . Set up a Traffic Log in the log sink configuration and include ${resource_owner} or ${client_id} in the cluster property trafficlogger.detail.
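As an added example (not part of this article or of the OTK itself), the following script shows what the traffic log looks like once ${resource_owner} and ${client_id} are appended to trafficlogger.detail, and how a reviewer can parse it to separate successful /login and /token authentications from attempts where the OTK variable stayed empty. The template layout, the sample log lines and the assumption that an unset variable expands to an empty string are all constructed for this example.

```python
import re
from collections import Counter

# Assumed trafficlogger.detail template (constructed for this example): the
# Gateway expands each ${...} context variable; a variable the OTK never set
# (authentication did not succeed) is assumed to expand to an empty string.
TRAFFICLOGGER_DETAIL = (
    "${request.time.millis} ${request.tcp.remoteAddress} ${request.url.path} "
    "status=${response.http.status} "
    "resource_owner=${resource_owner} client_id=${client_id}"
)

# Constructed sample lines in that layout (not real Gateway output).
SAMPLE_LOG = """\
1700000000123 203.0.113.10 /login status=302 resource_owner=alice client_id=
1700000000456 203.0.113.10 /login status=401 resource_owner= client_id=
1700000000789 198.51.100.7 /token status=200 resource_owner= client_id=mobile-app-01
1700000001000 198.51.100.7 /token status=401 resource_owner= client_id=
1700000001300 203.0.113.10 /login status=302 resource_owner=bob client_id=
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<ip>\S+) (?P<path>\S+) status=(?P<status>\d{3}) "
    r"resource_owner=(?P<resource_owner>\S*) client_id=(?P<client_id>\S*)$"
)


def parse_traffic_log(text):
    """Parse lines written with TRAFFICLOGGER_DETAIL; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def summarize_auth(events):
    """Count who authenticated on /login (resource owner) and /token (client),
    plus attempts on each API where the OTK variable stayed empty."""
    summary = {"resource_owners": Counter(), "clients": Counter(),
               "failed_login": 0, "failed_token": 0}
    for e in events:
        if e["path"].endswith("/login"):
            if e["resource_owner"]:
                summary["resource_owners"][e["resource_owner"]] += 1
            else:
                summary["failed_login"] += 1
        elif e["path"].endswith("/token"):
            if e["client_id"]:
                summary["clients"][e["client_id"]] += 1
            else:
                summary["failed_token"] += 1
    return summary
```

An empty resource_owner or client_id on a /login or /token line is the signal that the corresponding OTK authentication assertion did not succeed, so those counts are the ones worth alerting on.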