CA API Management: OAuth Tokens are logged in clear text
Article ID: 107975
Updated On:
Products
CA API Gateway (Layer 7)
SA94 to API SECURITY
STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway
Issue/Introduction
When reviewing the SSG log you may notice access tokens are being logged in clear text, for example:
| 20180726 13:16:53.822 | INFO | -4 | error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d' |
Environment
Release:
Component: APIGTW
Component: APIGTW
Resolution
This entry is only logged for expired or revoked tokens. No active tokens will be logged on the system.
To avoid these being logged you can set the below cluster wide property:
Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manager Cluster-Wide Properties
2) Add the below property name and value:
name: audit.detailThreshold
value: WARNING
To avoid these being logged you can set the below cluster wide property:
Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manager Cluster-Wide Properties
2) Add the below property name and value:
name: audit.detailThreshold
value: WARNING
Feedback
Powered by
