About OTK logging

Document ID : KB000101633
Last Modified Date : 31/08/2018
Question:
With OTK, is it possible to capture logs (including user information, etc.) when authentication is performed?
Environment:
CA API Gateway 
CA API Management OAuth Toolkit 
Answer:
In OAuth, "authentication" has two meanings: authentication of the user (resource owner) and authentication of the OAuth client.


Authentication of the user (resource owner) is done with the /login API.
When this API is called, authentication is performed by the "OTK User Authentication" encapsulated assertion.
If authentication succeeds in this assertion, the resource owner information is output in ${current.username} or ${resource_owner}.


Authentication of the API client is done with the /token API.
When this API is called, authentication is performed by the "OTK Client Authentication" encapsulated assertion.
If authentication succeeds in this assertion, the client ID information is output in ${client_id}.

These variables can be written to the log in the following ways.
  . Create a policy with the Add Audit Details assertion

  . Set up a Traffic Log in a log sink and set the cluster property trafficlogger.detail
Specify ${resource_owner} or ${client_id} in