OAuth issue

Article ID: 272337


Products

CA API Gateway

Issue/Introduction

Version 10.1 CR03

Setup: Dual Gateway Scenario - We have a DMZ Gateway and an Internal Gateway.

We recently installed the OAuth Toolkit and completed all the setup and configuration required for the Dual Gateway Scenario.

When testing, we are seeing some errors. When calling a test client (clicking "run" on the test client page), the page is not directed to the authorization server for login; instead, we see an Authorization Error.

Environment

Release : 10.1

Cause

The Test Client is a sample app used for testing only. It is included in the Internal Tools portion of the OAuth Toolkit (OTK) installation.

Link

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-6/installation-workflow/verify-the-installation/run-the-oauth-2-0-test-client.html

The Test Client is not added to the DMZ Gateway. The linked documentation also includes a warning about it:

WARNING for TestClient 

Note the following security precautions when using the test client:

  • Do not install the test client on production systems.
  • Do not install the test client on a Gateway that is available on the Internet.
  • Modify the test client to use your own specific client credentials.
  • Remove the test client from the OAuth Manager when it is no longer needed.

 

Resolution

The Test Client should not be used in the Dual DMZ Gateway setup.