Deploy Api's form portal 5.x to proxy gateway is not working
search cancel

Deploy Api's form portal 5.x to proxy gateway is not working

book

Article ID: 245379

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

When we deploy api' s and applications on portal  they don't sync with the api gateway.

It also seems that there is an error when correctly deploying test api's and when we try to delete them it is not possible either.

The ssg logs on the gateway shows the following error when a new api is deployed from portal .

2022-06-27T17:01:21.409+0200 INFO    265 com.l7tech.server.policy.assertion.ServerSslAssertion :   4114: Found client certificate for portalman.xxxxxxxxxxxxx
2022-06-27T17:01:21.409+0200 WARNING 265 com.l7tech.server.identity.internal.InternalIdentityProviderImpl :   2034: Unable to build path for Certificate CN=portalman.xxxxxxxxxxxxx unable to find valid certification path to requested target
2022-06-27T17:01:21.409+0200 INFO    265 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion :   4207: Invalid client certificate for portalman.xxxxxxxxxxxxx
2022-06-27T17:01:21.409+0200 INFO    265 com.l7tech.server.policy.assertion.identity.ServerAuthenticationAssertion :   4208: Authentication failed for identity provider ID 0000000000000000fffffffffffffffe
2022-06-27T17:01:21.409+0200 INFO    265 com.l7tech.external.assertions.comparison.server.ServerComparisonAssertion :   7103: At least one comparison value was null
2022-06-27T17:01:21.409+0200 INFO    265 com.l7tech.server.MessageProcessor :   3017: Policy evaluation for service Gateway REST Management Service [ffdfef6b7db0208b5aaf526669142d78] resulted in status 402 (Authentication Failed)
2022-06-27T17:01:21.409+0200 WARNING 265 com.l7tech.server.message :   Message was not processed: Authentication Failed (402)

Environment

Release : 5.1

Component :

Resolution

The error indicate a problem with the portalman private key which is used to authenticate when calling the restman service on the local gateway to apply the api bundle update.

This problem will occur when the default certifcate validation has been changed to "validatepath"

If you change the default certificate validation from validate to validatepath  you need to have the certificate  for portalman  imported in the certificate store and have it mark  as trust anchor .

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/security-configuration-in-policy-manager/tasks-menu-security-options/manage-certificates/manage-certificate-validation.html

When installing the portal integration bundle this is not automatically done and needs to be done manual .