search cancel

Add LDAP Users as Admins to OAuth Manager

book

Article ID: 229936

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We need to include some LDAP authentication users as admins of the OAuth Manager in order to create and change OTK clients.

Environment

API Gateway 10.X

Resolution

Step 1: Open the OTK User Authentication Extension policy and turn on ‘Show Comments’ and ‘Show Assertion Numbers’

 

Step 2: Copy line 10 and update the comments to reflect your LDAP configuration

Step 3: Expand line 16 and double-click the Request: Authenticate against Internal Identity Provider assertion and select your LDAP instance. Double-click the Extract Attributes for Authenticated User assertion and select your LDAP instance.

Step 4: Right-click on line 9 and select the Add ‘At least one…’ Folder

Step 5: Move both IDP logic blocks into the folder – it should look like the following:

Step 6: Click Save and Activate

Step 7: Open the OTK User Attribute Look Up Extension policy and turn on ‘Show Comments’ and ‘Show Assertion Numbers’

Step 8: Click on line 5 and line 6

Step 9: Make a copy of line 8 and disable the first copy

Step 10: Double-click line 9; click the entry under Rules and click Edit

Step 11: Add a pipe “|” and each username that will be logging into the OAuth Manager

Step 12: Click OK and click OK again – Click Save and Activate

 

NOTE: The user(s) logging in to the OAuth Manager must have the Administrator role within the Policy Manager. If a user isn’t defined in the OTK User Attribute Look Up Extension policy, they WILL NOT be able to see all of the client keys. They will only see the client keys they have created.

 

Additional Information

REF: 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-4/installation-workflow/configure-authentication/support-optional-authentication-mechanisms.html

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-4/otk-user-role-configuration.html

Attachments