OAuth Manager does not display clients from "Manage Client" tab

Article ID: 42585

Updated On:

Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

In version 8.3 of the CA API Gateway with version 3.0 of the OAuth ToolKit (OTK), the OAuth Manager client tab (/oauth/manager/clients) does not display any clients whether they were created by default or added by the user. This is due to a missing input on the "OTK Client DB Get" encapsulated assertion.

After logging in to the OAuth Manager and clicking Clients, no clients are shown. However, data like the following is visible when running a "select * from <otk_dbname>.oauth_client;" command against the datastore:
+----------------------------------------+----------------------------------------+--------------+------------------------------------------------------------+--------------------------+---------------+------------+
| client_ident | name | type | description | organization | registered_by | created |
+----------------------------------------+----------------------------------------+--------------+------------------------------------------------------------+--------------------------+---------------+------------+
| 123456800-otk | OpenID Connect Basic Client Profile | confidential | Test for OpenID Connect BCP| Layer7 Technologies Inc. | admin | 0 |
| 123456801-otk | OpenID Connect Implicit Client Profile | public | Test for OpenID Connect ICP | Layer7 Technologies Inc. | admin | 0 |
| 18661300-45df-4cdc-826f-23e402275463 | MAG Manager | confidential | MAG Manager is used to manage registered devices | CA Technologies | admin | 0 |
| 6438edb0-3e74-mag-test-msso-clientAppA | AppA | confidential | Example application for Mobile SSO demonstrations | CA Technologies | admin | 0 |
| 6438edb0-3e74-mag-test-msso-clientAppB | AppB | confidential | Example application for Mobile SSO demonstrations | CA Technologies | admin | 0 |
| 6438edb0-3e74-mag-test-msso-clientAppC | AppC | confidential | PhoneGap example application for Mobile SSO demonstrations | CA Technologies | admin | 0 |
| c716ac35-ae5b-4870-bfa1-5530c65952f9 | MAG Authorization Server | confidential | Used to support social login via the MAG | CA Technologies | admin | 0 |
| TestClient1.0 | OAuth1Client | oob | OAuth 1.0 test client hosted on the ssg | Layer7 Technologies Inc. | admin | 0 |
| TestClient2.0 | OAuth2Client | confidential | OAuth 2.0 test client hosted on the ssg | Layer7 Technologies Inc. | admin | 0 |
+----------------------------------------+----------------------------------------+--------------+------------------------------------------------------------+--------------------------+---------------+------------+

Environment

Release:
Component: APIGTW

Resolution

Use the following procedure to resolve the issue:

  1. Log in to the Policy Manager as an administrator.
  2. Search for "OTK Client DB GET" in the services palette.
  3. Right-click the policy and select "Encapsulated Assertion Properties". The Encapsulated Assertion Configuration Properties window will open.
  4. In the "Inputs" section click Add, enter "dbsystem" (without the quotation marks) as the Name, then click OK, then click OK again.
  5. Use a browser to test the OAuth Manager Client view.

Additional Note: Clients and tokens appear in the OAuth Manager only if the logged-in user is either "admin" or "pmadmin" from the Internal Identity Provider. To change which users are allowed, edit the policy fragment "oauth manager set valid user" and modify the users in the VALID ADMINS "At least one" branch.