CA API Management: OAuth Tokens are logged in clear text

Document ID : KB000107975
Last Modified Date : 17/08/2018
Show Technical Document Details
Issue:
When reviewing the SSG log you may notice access tokens are being logged in clear text, for example:

 
20180726 13:16:53.822INFO -4error: invalid_request, error_description: Access token does not exist (expired, revoked, replaced, unknown, ...). access_token='e62d0e32-096e-424d-a29e-bf76d9857e8d'
Resolution:
This entry is only logged for expired or revoked tokens. No active tokens will be logged on the system.
To avoid these being logged you can set the below cluster wide property:

Open Policy Manager
1) Navigate to Tasks -> Global Settings -> Manager Cluster-Wide Properties
2) Add the below property name and value:

name: audit.detailThreshold 
value: WARNING