I read in the documentation for the CA API Developer Portal that it is required to have the OAuth Toolkit installed and configured to enroll an API Gateway. My question is what role does OAuth play with the enrollment process and to what extent? Are there any limitations as far as how the OAuth Toolkit is configured? Can I use an Internal Identity provider as part of my OAuth toolkit to enroll a gateway or does it need to be a federated identity provider? The reason I ask is because we are currently just using Windows Integrated Authentication for our services published on the API Gateway and have not had to set up an identity provider.
The OTK is an OAuth server; it's for the API/app published from the portal or from the gateway.
The portal has its own user storage; it won't use any IdP from the gateway. The portal can also integrate with LDAP/AD.
Speaking to the "Are there any limitations as far as how the OAuth Toolkit is configured" question, I wanted to raise the documentation (https://docops.ca.com/ca-api-developer-portal-enhanced-experience/4-2/en/set-up-and-maintenance/integrate-on-premise-api-proxies) which states the following:
"The API Portal only supports the default OTK installation. Do not install it with an instance modifier. Also, the OTK must be installed with JDBC connection name OAuth."
The above is all I'm aware of as far as limitations go. But ideally, it'd be a fresh install of OTK to eliminate any outliers.
Thanks for providing these details. I was planning on setting up a fresh OTK install without any customization, so this is good to know.