Layer7 API Management

  • 1.  OAuth ToolKit APIs

    Posted Dec 12, 2019 09:52 AM
    Hello,


    There is a list of APIs defined in the swagger document: "https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-3/apis-and-assertions/oauth-toolkit-apis.html".

    A couple of them require "Authentication is done via SSL mutual authentication". I am trying to test them via Postman; is it possible to surpass "Authentication is done via SSL mutual authentication"?

    Also, I tried "/oauth/clientstore/clientKeys/count", but got the below error:



    Please advise.

    Thanks !!


  • 2.  RE: OAuth ToolKit APIs
    Best Answer

    Broadcom Employee
    Posted Dec 12, 2019 09:56 AM
    Hi Ankush,

    You would need to disable the client cert check in the policies for the API. You can set this to false.
    If you must do this, be very careful and only do this in a controlled testing environment as these are intended to be secured.

    Otherwise, you can export the private key and import it to Postman for mutual auth.




  • 3.  RE: OAuth ToolKit APIs

    Posted Dec 13, 2019 10:05 AM
    Hi Joe,

    These APIs are part of the OAuth ToolKit and I don't see them in the OTK installation folder / Policies.

    Ex:



    I tried importing the gateway keys into Postman, but the error remains the same.

    Thanks,
    Ankush


    Thanks !!


  • 4.  RE: OAuth ToolKit APIs

    Broadcom Employee
    Posted Dec 13, 2019 12:49 PM
    Hi Ankush,

    The endpoints for the APIs are published as wildcard services, so you will see /oauth/clientstore/*
    The key that is used would need to be part of a Federated Identity.

    Regards,
    Joe