About OTK logging

Article ID: 101633


Updated On:

Products

CA API Gateway

Issue/Introduction



With OTK, is it possible to capture logs (including user information, etc.) when authentication is performed?

Environment

CA API Gateway 
CA API Management OAuth Toolkit 

Resolution

In OAuth, "authentication" has two meanings: authentication of the user (resource owner) and authentication of the OAuth client.


Authentication of the user (resource owner) is done through the /login API.
When this API is called, authentication is performed by the "OTK User Authentication" encapsulated assertion.
If authentication succeeds in this assertion, the resource owner information is output in ${current.username} or ${resource_owner}.


Authentication of the API client is done through the /token API.
When this API is called, authentication is performed by the "OTK Client Authentication" encapsulated assertion.
If authentication succeeds in this assertion, the client ID information is output in ${client_id}.

These variables can be written to the log as follows:
  - Create a policy with an Add Audit Details Assertion.
  - Specify ${resource_owner} or ${client_id} within the Add Audit Details Assertion to log the resource owner and client ID.