CA API Management: OAuth Tokens are logged in clear text
Article ID: 107975
Products
STARTER PACK-7, CA Rapid App Security, CA API Gateway
Issue/Introduction
When reviewing the SSG log you may notice access tokens are being logged in clear text, for example:
20180726 13:16:53.822 INFO -4 error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'
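To find entries like the one above in logs that have already been written, and to mask the token values before a log is shared, a filter along these lines can be used. It is an added example, not part of the original article or any CA tooling; the regular expression is derived from the sample entry, and the function names and extra sample lines are constructed for illustration.

```python
import hashlib
import re

# Pattern based on the sample entry in this article: the value follows
# "access_token=" inside single quotes (assumes the token contains no quote).
# The lookahead skips values this script has already masked.
TOKEN_RE = re.compile(r"(access_token=')(?!\[masked )([^']+)(')")

# Constructed sample input: the article's entry, a repeat with a made-up
# token, and an unrelated line that must pass through unchanged.
SAMPLE_LOG = [
    "20180726 13:16:53.822 INFO -4 error: invalid_request, error_description: "
    "Access token does not exist (expired, revoked, replaced, unknown, ...). "
    "access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'",
    "20180726 13:17:02.105 INFO -4 error: invalid_request, error_description: "
    "Access token does not exist (expired, revoked, replaced, unknown, ...). "
    "access_token='00000000-0000-4000-8000-000000000000'",
    "20180726 13:17:05.411 INFO 0 (constructed unrelated entry)",
]


def fingerprint(token):
    """Short SHA-256 prefix: repeats stay correlatable without the token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def redact_log(lines):
    """Mask token values; return (masked_lines, {fingerprint: count})."""
    hits = {}

    def mask(match):
        fp = fingerprint(match.group(2))
        hits[fp] = hits.get(fp, 0) + 1
        return f"{match.group(1)}[masked sha256:{fp}]{match.group(3)}"

    masked = [TOKEN_RE.sub(mask, line) for line in lines]
    return masked, hits


if __name__ == "__main__":
    masked_lines, found = redact_log(SAMPLE_LOG)
    for entry in masked_lines:
        print(entry)
    print(f"{sum(found.values())} token value(s) masked, {len(found)} distinct")
```
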
Environment
Release: Component: APIGTW
Resolution
This entry is logged only for expired or revoked tokens. No active tokens will be logged on the system. To stop these entries from being logged, you can set the cluster-wide property below:
Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manage Cluster-Wide Properties
2) Add the below property name and value: