Layer7 API Management

Expand all | Collapse all

OTK assertion in policy manager

Jump to Best Answer
  • 1.  OTK assertion in policy manager

    Posted 03-24-2020 03:40 PM
    When we drag & drop the "OTK Require OAuth 2.0 Token" assertion from the palate  in the service the functionality is not coming. We copy it from the other already developed policy the all the functionality of OAuth 2.0 coming properly. Please tell me how to configure  "OTK Require OAuth 2.0 Token" assertion in the service without coping from other already implemented service.


  • 2.  RE: OTK assertion in policy manager

    Posted 03-24-2020 03:45 PM
    Hi Anirban,

    When you drag and drop this into policy the only required parameter in the assertion is Cache Validation Result. Aside from that nothing needs configuring to accept an access token. It can be customized for scopes or hard code a token, but to just accept a valid token only that one field is required.

    What is the result when you drag and drop this setting this value (you can set to 30 to test)?

    Regards,
    Joe


  • 3.  RE: OTK assertion in policy manager

    Posted 03-24-2020 04:12 PM
    Hi Joe,
                 When I copy the OTK the result is like below which works fine.When we move the courser on the policy all the variable are showing.PFB:
     PFB when we drag & drop the assertion in the policy,When we move the courser on the policy all the variable are not showing like the copy one:

    Regards,
    Anirban


  • 4.  RE: OTK assertion in policy manager

    Posted 03-24-2020 04:22 PM
    This happens because policy validation feedback is turned on in the policy manager.
    It is a warning to let you know that the authorization/authentication is taking place AFTER some other action. In this case, the HTTP routing assertion.

    You should position all authorization/authentication statements at the top of the policy. This way nothing is processed if the auth fails.
    You can still and use the policy, to avoid this though I would re-position those or turn off policy validation feedback.




  • 5.  RE: OTK assertion in policy manager

    Posted 03-24-2020 04:56 PM
    Very sorry Joe m not getting this.
    "You should position all authorization/authentication statements at the top of the policy. This way nothing is processed if the auth fails."  Even I put the OTK policy on the top it will  same as before. Can you please let me know how to drag & drop the assertion "OTK Require OAuth 2.0 Token"  thus it's working properly.


  • 6.  RE: OTK assertion in policy manager
    Best Answer

    Posted 03-24-2020 05:15 PM
    No worries. Start with a new policy and structure it like this. If you put OAuth at the top it should get rid of the error on that assertion.
    This is like the first screenshot you shared above where there is no error on the OTK assertion. Ideally, the require oauth token should be the first line.

    If it is not clear perhaps please send me a message and we can chat about this tomorrow. In both cases, though you should be able to save and activate the policy as it is only a warning, it should not prevent you from using the service.
    otkThe error happens in the reverse order because you are allowing it to route somewhere before authenticating or authorizing a user.

    policy snippet



  • 7.  RE: OTK assertion in policy manager

    Posted 03-24-2020 05:25 PM
    Thanks a ton Joe . It's fine now .


  • 8.  RE: OTK assertion in policy manager

    Posted 03-25-2020 07:08 AM
    Good to hear Anirban, happy to help.