This is the second post in the blog series focusing on the OAuth Toolkit (OTK) kit. The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security for API endpoints.
The initial task is to download the OTK installation files from Broadcom support. They include database creation and update scripts, plus the OTK solution kit SSKAR file.
Run a database script to create the OTK database with the token schema. MySQL, Oracle, and Cassandra databases are supported.
Now open the Policy Manager of the API Gateway. Let the Gateway know how to interact with the OTK database by configuring the database connection properties. Next, install the OTK solution kit SSKAR file through Manage Solution Kits option in the policy manager.
Once installed, the OTK solution kit provides you control over where to install each OTK component. For example, you can split components into DMZ and internal zones in a dual Gateway scenario. However, for simplicity, the video focuses on the single server installation.
Now that the OTK is installed, OTK specific assertions, and policy fragments are available. Policies are read-only. Customization of a read-only policy is available by editing the corresponding “hash-policy” in the Customizations folder. For example, to customize default values for variables set in OTK Variable Configuration, edit the variables in #OTK Variable Configuration. This keeps all your custom values intact during future upgrades of the OTK when default policies are replaced by newer versions.
The video finishes by highlighting some key OTK assertions and policy fragments such as the OTK Require OAuth 2.0 Token policy fragment to enable OAuth validation and how to set up Identity Providers for authentication. We get a sense of how easy it is to perform common tasks by simply dragging and dropping pre-configured policy fragments and assertions into custom policies.
blog written by Simon Crum