OTK Oauth Manager login error - invalid request


Article ID: 137173


Products

CA API Gateway API SECURITY

Issue/Introduction

Customers may experience the following "invalid request" error when logging in to the OAuth Manager (https://<gateway>:8443/oauth/manager):


Environment

Release: Gateway 10.x, 11.x

Component: API GATEWAY

OTK 4.3, OTK 4.4, OTK 4.5, OTK 4.6

Cause

The OAuth Manager service includes API XSS Protection logic that causes authentication to fail immediately if ${request.mainpart} and ${request.url} contain a special character sequence matching the regular expression pattern (%3c|[<])(\w|%(?!20)).

To confirm this is the cause, check the Audit Log for an error such as the following:

Usually this is caused by a special character in the Admin password that matches the pattern above, for example "<".

Resolution

Do not use prohibited characters in the Admin password that conflict with the API XSS Protection assertion; choose a password that does not match the pattern above.
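To check a candidate Admin password against the pattern quoted in the Cause section before setting it, here is an added Python check; it is not part of this article or of the Gateway product. It tests both the raw password and the URL-encoded form body a browser would post, and the form field names, the case-insensitive match (browsers emit uppercase %3C) and %20 space encoding are assumptions.

```python
import re
from urllib.parse import quote, urlencode

# Pattern quoted in the article's Cause section. IGNORECASE is an assumption:
# the article shows lowercase %3c, while browsers URL-encode "<" as %3C.
XSS_PATTERN = re.compile(r"(%3c|[<])(\w|%(?!20))", re.IGNORECASE)


def simulated_login_body(username: str, password: str) -> str:
    """Build a URL-encoded form body as a browser would post it.

    Field names are assumed; only the encoded password value matters here.
    quote (not quote_plus) is used so spaces become %20, which the
    pattern's (?!20) lookahead deliberately tolerates.
    """
    return urlencode({"username": username, "password": password}, quote_via=quote)


def xss_protection_match(text: str):
    """Return the matching fragment that would trip the check, or None."""
    m = XSS_PATTERN.search(text)
    return m.group(0) if m else None


def check_admin_password(password: str) -> dict:
    """Report whether a candidate Admin password would fail the OAuth Manager login.

    Both the raw value and the URL-encoded body are tested, since the
    assertion inspects ${request.mainpart} and ${request.url}.
    """
    raw = xss_protection_match(password)
    encoded = xss_protection_match(simulated_login_body("admin", password))
    return {"raw_match": raw, "encoded_match": encoded,
            "safe": raw is None and encoded is None}


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Secret1!", "Pa<ss", "Pa< ss", "a<%b"]:
        print(repr(candidate), check_admin_password(candidate))
```

A password containing "<" followed by a letter, digit or "%" is rejected, while "<" followed by a space survives the encoded check because of the (?!20) exclusion.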