CA API Management: OAuth Tokens are logged in clear text

Article ID: 107975

Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

When reviewing the SSG log, you may notice access tokens being logged in clear text, for example:

 
20180726 13:16:53.822INFO -4error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'

Environment

Release:
Component: APIGTW

Resolution

This entry is only logged for expired or revoked tokens. No active tokens will be logged on the system.
To prevent these entries from being logged, set the following cluster-wide property:

Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manage Cluster-Wide Properties
2) Add the below property name and value:

name: audit.detailThreshold 
value: WARNING
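
An added example (not part of the original article or of CA's tooling): a Python sketch that scans gateway log lines for the access_token='...' pattern quoted above, to confirm the entries have stopped after the property change and to redact lines already written before they are shared. The level names and sample lines 2-3 are assumptions constructed for illustration.

```python
import hashlib
import re

TOKEN_RE = re.compile(r"access_token='([^']+)'")
# Assumption: java.util.logging-style level names; adjust to your log format.
LEVEL_RE = re.compile(r"SEVERE|WARNING|INFO|CONFIG|FINE")

def fingerprint(token):
    """Short one-way tag so redacted entries can still be correlated."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]

def redact(line):
    """Replace every logged token value with its fingerprint."""
    return TOKEN_RE.sub(
        lambda m: "access_token='[REDACTED sha256:%s]'" % fingerprint(m.group(1)),
        line)

def scan(lines):
    """Return (line_no, level, redacted_line) for each line carrying a token."""
    findings = []
    for no, line in enumerate(lines, 1):
        match = TOKEN_RE.search(line)
        if match:
            # Look for the level only in the prefix that precedes the token.
            level = LEVEL_RE.search(line[:match.start()])
            findings.append((no, level.group(0) if level else "UNKNOWN", redact(line)))
    return findings

SAMPLE = [
    # Line 1 is the entry quoted in the article; lines 2-3 are constructed.
    "20180726 13:16:53.822INFO -4error: invalid_request, error_description: "
    "Access token does not exist (expired, revoked, replaced, unknown, ...). "
    "access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'",
    "20180726 13:17:02.104 INFO policy evaluation completed",
    "error: invalid_request access_token='00000000-0000-4000-8000-000000000000'",
]

if __name__ == "__main__":
    for no, level, safe in scan(SAMPLE):
        print("line %d [%s]: %s" % (no, level, safe))
```

A non-empty result on log lines written after the property change means token entries are still being emitted.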