search cancel

Layer 7 API Management: Unable To Generate Tokens With OTK 4.4 and Portal 3.5


Article ID: 198935


Updated On:


CA API Developer Portal


In an environment where Portal 3.5 is configured to manage Oauth Clients with OTK 4.4 installed then it is likely that any attempt to generate tokens will fail and result in an audit messages such as:


error: invalid_request, error_description: invalid client_key, given key: 'XXXXXXXXX', secret: 'XXXXXXXXXXXXXX

XPath pattern didn't match response or target message; assertion therefore fails; XPath is '/ns:values/ns:keys/ns:values/ns:value/ns:masterkey_flag'.


OTK 4.4 adds a new column to the oauth_client_key table within the otk database called masterkey_flag.  The new otk 4.4 policy is expecting that this column be present when checking data associated with client information.

If portal 3.5 is configured to manage the oauth clients then the data is actually stored in the gateway's ssg database within the generic_entity table and not directly in the OTK DB, as such there is no information associated with this new masterkey_flag which results in the OTK Client Validation Fragment failing and no token will be generated.


Portal 3.5 configured to manage Oauth Clients

OTK 4.4


The OTK Client DB GET Extension policy requires an update to handle the columns added in OTK 4.4.

In the Policy Manager, open the OTK Client DB GET Extension policy.
The OTK Client DB Get Extension policy is located in OTK/Customizations/persistence.
Click Import Policy and select the 'OTK Client DB GET Extension 4.4+.xml' file.(attached to this KB Article)
The default policy code is replaced.
Click Save and Activate.


You should now be able to generate tokens successfully.


1599570087723__OTK Client DB GET Extension 4.4+.xml get_app