Limit OAuth Manager Portal when NOT using on DMZ gateway
Article ID: 126382
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
I'm reaching out to see if there is a way to limit the exposure of the .../oauth/manager portal to isolate its access when it is only accessible within the internal network. Currently, our oauth manager portal is accessible from anywhere via the URL: https://gatewayserver.company.com:8443/oauth/manager; is there anyway to do this?
Note we are not using the DMZ/internal design approach for our solution
Note we are not using the DMZ/internal design approach for our solution
Environment
OTK Kit 4.2
Resolution
The DMZ / Internal is the out-of-box approach when installing it allows for selecting services for DMZ and internal access
However there is another customizable approach
Attached policy export that can be used to limit OAuth manager access by IP address range (NOTE Policy AS IS)
Suggest importing policy into a temp location, then perform a copy of the “At least one assertion must evaluate to true" to Folder: OTK -> Customization -> oauth manager -> #oath manager config; this policy runs when OAuth/Manager is accessed, default is only comments
To customize access modify line 8 and enter IP Address range (example 138.42.47.0/24)
However there is another customizable approach
Attached policy export that can be used to limit OAuth manager access by IP address range (NOTE Policy AS IS)
Suggest importing policy into a temp location, then perform a copy of the “At least one assertion must evaluate to true" to Folder: OTK -> Customization -> oauth manager -> #oath manager config; this policy runs when OAuth/Manager is accessed, default is only comments
To customize access modify line 8 and enter IP Address range (example 138.42.47.0/24)
<Please see attached file for image>
Attachments
Feedback
Yes
No
Powered by
