Limit OAuth Manager Portal when using on DMZ gateway

Document ID : KB000126382
Last Modified Date : 07/02/2019
Introduction:
I'm reaching out to see if there is a way to limit the exposure of the .../oauth/manager portal to isolate its access when it is only accessible within the internal network. Currently, our oauth manager portal is accessible from anywhere via the URL: https://gatewayserver.company.com:8443/oauth/manager; is there any way to do this?

Note: we are not using the DMZ/internal design approach for our solution.


 
Environment:
OTK Kit 4.2 
Instructions:
The DMZ / Internal design is the out-of-the-box approach: during installation, it allows you to select which services are deployed for DMZ access and which for internal access.

However, there is another, customizable approach.

The attached policy export can be used to limit OAuth Manager access by IP address range (NOTE: the policy is provided AS IS).

We suggest importing the policy into a temporary location, then copying the "At least one assertion must evaluate to true" assertion to Folder: OTK -> Customization -> oauth manager -> #oath manager config. This policy runs whenever OAuth/Manager is accessed; by default it contains only comments.

To customize access, modify line 8 and enter the IP address range (for example, 138.42.47.0/24).
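
A pre-check for the range before it is entered on line 8, as an added example that is not part of the attached policy or of the OTK: it validates the CIDR notation and shows which client addresses the example range 138.42.47.0/24 would admit. The function names and the sample client addresses are constructed for illustration, and the code models plain CIDR matching, not the gateway's own implementation.

```python
import ipaddress

# Range taken from the example in this article; add further ranges as needed.
ALLOWED_RANGES = ["138.42.47.0/24"]

# Constructed sample client addresses for the dry run.
SAMPLE_CLIENTS = ["138.42.47.10", "138.42.47.255", "138.42.48.10", "203.0.113.7"]


def parse_ranges(entries):
    """Parse CIDR strings strictly so that typing mistakes fail loudly."""
    networks = []
    for entry in entries:
        # strict=True raises ValueError when host bits are set,
        # e.g. 138.42.47.5/24 instead of 138.42.47.0/24.
        net = ipaddress.ip_network(entry, strict=True)
        if net.prefixlen == 0:
            # A /0 range would leave the portal open to every address.
            raise ValueError(f"{entry} matches every address")
        networks.append(net)
    return networks


def manager_access_allowed(client_ip, networks):
    """Mirror 'at least one must evaluate to true' over the ranges."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in networks)


def dry_run(clients, entries):
    """Return {client_ip: allowed} for a list of candidate ranges."""
    networks = parse_ranges(entries)
    return {ip: manager_access_allowed(ip, networks) for ip in clients}


if __name__ == "__main__":
    for ip, allowed in dry_run(SAMPLE_CLIENTS, ALLOWED_RANGES).items():
        print(f"{ip:15} {'allow' if allowed else 'deny'}")
```

After the policy is in place, confirm the result from a host outside the range by requesting the /oauth/manager URL and checking that access is refused.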
 
OAuth manager access
File Attachments:
OAuth_customization-manager_access.xml