Layer 7 API Management: OAuth Toolkit Hard-coded Ports


Article ID: 77512


Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway

Issue/Introduction

The OAuth Toolkit (OTK) default port of 8443 is sometimes undesirable, for example when a load balancer fronts the Gateway and communicates over port 443.

How can the hard-coded port, 8443, be modified in the OTK policies? 

Environment

Release:
Component: APIESM

Resolution

Several policies contain the hard-coded port. Depending on your needs, modify these policies to remove the port. Open each policy and use the policy search to locate context variables containing '8443'.

For OTK 4.0 and newer, some of these policies are read-only. Copy the variables from the base policy into the corresponding hash (#) policy, for example #OTK Variable Configuration.

OTK Authorization Server Configuration 
OTK Variable Configuration
OTK Client Context Variables
OTK id_token configuration
OAuth 2.0 Client - authorization_code 
OAuth 2.0 Client - ropc
OAuth 2.0 Client - SAML-Bearer  
OAuth manager config
OTK OVP Configuration
OTK Storage Configuration
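
To audit the policies listed above in bulk rather than one at a time in the policy search, the following added example (not part of the original article or of the OTK) scans an exported policy XML for Set Context Variable assertions whose value contains 8443. It assumes the export uses the `L7p` namespace shown and stores each expression base64-encoded in a `Base64Expression` element beside a `VariableToSet` element; the sample policy and its variable names are constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Assumed namespace of Gateway policy XML exports; check it against your own files.
L7P = "{http://www.layer7tech.com/ws/policy}"


def find_hardcoded_port(policy_xml, port="8443"):
    """Return (variable name, decoded value) for each Set Context Variable using the port."""
    pattern = re.compile(r"(?<!\d)%s(?!\d)" % re.escape(port))
    hits = []
    for node in ET.fromstring(policy_xml).iter(L7P + "SetVariable"):
        expr = node.find(L7P + "Base64Expression")
        name = node.find(L7P + "VariableToSet")
        if expr is None or name is None:
            continue
        # The expression is base64 in the export, so a text search of the raw file misses it.
        value = base64.b64decode(expr.get("stringValue", "")).decode("utf-8", "replace")
        if pattern.search(value):
            hits.append((name.get("stringValue"), value))
    return hits


def strip_port(value, port="8443"):
    """Proposed replacement value with the ':<port>' suffix removed."""
    return re.sub(r":%s(?!\d)" % re.escape(port), "", value)


def _set_var(name, value):
    # Builds one constructed assertion for the sample policy below.
    encoded = base64.b64encode(value.encode()).decode()
    return ('<L7p:SetVariable><L7p:Base64Expression stringValue="%s"/>'
            '<L7p:VariableToSet stringValue="%s"/></L7p:SetVariable>' % (encoded, name))


# Constructed sample policy; the variable names are hypothetical, not OTK's own.
SAMPLE_POLICY = (
    '<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" '
    'xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"><wsp:All>'
    + _set_var("example_auth_host", "https://${gateway.cluster.hostname}:8443")
    + _set_var("example_lb_host", "https://${gateway.cluster.hostname}")
    + _set_var("example_ttl", "18443")  # contains the digits but is not the port
    + "</wsp:All></wsp:Policy>"
)

if __name__ == "__main__":
    for name, value in find_hardcoded_port(SAMPLE_POLICY):
        print("%s: %s -> %s" % (name, value, strip_port(value)))
```

The script only reports; make the actual change in Policy Manager, in the # policy where the base policy is read-only.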

 

Additional Information

For 4.x, please reference the documentation located here: https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-4/customizing-the-oauth-toolkit/set-an-alternative-https-port.html