Limit OAuth Manager Portal when NOT using on DMZ gateway


Article ID: 126382


Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

I'm reaching out to see if there is a way to limit the exposure of the .../oauth/manager portal to isolate its access when it is only accessible within the internal network. Currently, our oauth manager portal is accessible from anywhere via the URL: https://gatewayserver.company.com:8443/oauth/manager; is there any way to do this?

Note: we are not using the DMZ/internal design approach for our solution.

Environment

OTK Kit 4.2 

Resolution

The DMZ / Internal design is the out-of-box approach; when installing, it allows for selecting services for DMZ and internal access.

However, there is another, customizable approach.

The attached policy export can be used to limit OAuth manager access by IP address range (NOTE: the policy is provided AS IS).

We suggest importing the policy into a temporary location, then copying the "At least one assertion must evaluate to true" assertion to the folder OTK -> Customization -> oauth manager -> #oath manager config. This policy runs when OAuth/Manager is accessed; by default it contains only comments.

To customize access, modify line 8 and enter the IP address range (example: 138.42.47.0/24).
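Before typing ranges into line 8, they can be checked offline. The following Python is an added example, not part of the attached policy or of OTK: it models the "at least one must evaluate to true" logic over CIDR ranges and rejects mistyped or overly broad entries. The second range, the sample client addresses and the `MIN_PREFIX` threshold are assumptions; only 138.42.47.0/24 comes from the article.

```python
import ipaddress

# 138.42.47.0/24 is the article's example; the second range is constructed.
ALLOWED_RANGES = ["138.42.47.0/24", "10.20.0.0/16"]
MIN_PREFIX = 16  # assumption: a range broader than /16 is treated as a mistake


def parse_ranges(ranges, min_prefix=MIN_PREFIX):
    """Validate the CIDR strings intended for the policy."""
    networks = []
    for text in ranges:
        # strict=True rejects entries with host bits set, e.g. 138.42.47.5/24
        net = ipaddress.ip_network(text.strip(), strict=True)
        if net.prefixlen < min_prefix:
            raise ValueError(
                f"{text}: /{net.prefixlen} is broader than /{min_prefix}")
        networks.append(net)
    if not networks:
        raise ValueError("an empty allow-list would lock out every client")
    return networks


def is_allowed(client_ip, networks):
    """True when at least one range contains the client address."""
    addr = ipaddress.ip_address(client_ip)
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in networks)


def check_clients(clients, ranges=ALLOWED_RANGES):
    """Map each sample client address to its expected allow/deny outcome."""
    networks = parse_ranges(ranges)
    return {ip: is_allowed(ip, networks) for ip in clients}


if __name__ == "__main__":
    # Constructed sample addresses: two internal, two outside the ranges
    samples = ["138.42.47.200", "10.20.3.4", "138.42.48.1", "203.0.113.9"]
    for ip, ok in check_clients(samples).items():
        print(f"{ip:<16} {'allow' if ok else 'deny'}")
```

The address to test is the one the gateway sees as the connection source; behind a load balancer or NAT that is the intermediary's address, not the end user's.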
 

[Image: OAuth manager access (see attached file)]

Attachments

1558687256593000126382_sktwi1f5rjvs16f8f.png
1558537068358OAuth_customization-manager_access.xml