Layer7 API Management

  • 1.  OTK assertion in policy manager

    Posted Mar 24, 2020 03:40 PM
    When we drag & drop the "OTK Require OAuth 2.0 Token" assertion from the palette into the service, the functionality is not coming. When we copy it from another already developed policy, all the functionality of OAuth 2.0 is coming properly. Please tell me how to configure the "OTK Require OAuth 2.0 Token" assertion in the service without copying it from another already implemented service.


  • 2.  RE: OTK assertion in policy manager

    Broadcom Employee
    Posted Mar 24, 2020 03:45 PM
    Hi Anirban,

    When you drag and drop this into policy, the only required parameter in the assertion is Cache Validation Result. Aside from that, nothing needs configuring to accept an access token. It can be customized for scopes or to hard-code a token, but to just accept a valid token only that one field is required.

    What is the result when you drag and drop this and set this value (you can set it to 30 to test)?

    Regards,
    Joe


  • 3.  RE: OTK assertion in policy manager

    Posted Mar 24, 2020 04:12 PM
    Hi Joe,
    When I copy the OTK, the result is like below, which works fine. When we move the cursor over the policy, all the variables are showing. PFB:
    PFB when we drag & drop the assertion into the policy. When we move the cursor over the policy, all the variables are not showing like in the copied one:

    Regards,
    Anirban


  • 4.  RE: OTK assertion in policy manager

    Broadcom Employee
    Posted Mar 24, 2020 04:22 PM
    This happens because policy validation feedback is turned on in the policy manager.
    It is a warning to let you know that the authorization/authentication is taking place AFTER some other action. In this case, the HTTP routing assertion.

    You should position all authorization/authentication statements at the top of the policy. This way nothing is processed if the auth fails.
    You can still use the policy; to avoid this, though, I would re-position those or turn off policy validation feedback.




  • 5.  RE: OTK assertion in policy manager

    Posted Mar 24, 2020 04:56 PM
    Very sorry Joe, I'm not getting this.
    "You should position all authorization/authentication statements at the top of the policy. This way nothing is processed if the auth fails." Even if I put the OTK policy at the top, it will be the same as before. Can you please let me know how to drag & drop the assertion "OTK Require OAuth 2.0 Token" so that it works properly?


  • 6.  RE: OTK assertion in policy manager
    Best Answer

    Broadcom Employee
    Posted Mar 24, 2020 05:15 PM
    No worries. Start with a new policy and structure it like this. If you put OAuth at the top it should get rid of the error on that assertion.
    This is like the first screenshot you shared above where there is no error on the OTK assertion. Ideally, the require oauth token should be the first line.

    If it is not clear, please send me a message and we can chat about this tomorrow. In both cases, though, you should be able to save and activate the policy; as it is only a warning, it should not prevent you from using the service.
    The error happens in the reverse order because you are allowing it to route somewhere before authenticating or authorizing a user.

    policy snippet



  • 7.  RE: OTK assertion in policy manager

    Posted Mar 24, 2020 05:25 PM
    Thanks a ton, Joe. It's fine now.


  • 8.  RE: OTK assertion in policy manager

    Broadcom Employee
    Posted Mar 25, 2020 07:08 AM
    Good to hear Anirban, happy to help.