Skip to content
CA API Management OAuth Toolkit - 4.2
Documentation powered by DocOps

Install the OAuth Solution Kit

Last update January 30, 2019

The OAuth Solution Kit contains the policies, endpoints, and assertions that create the OAuth Toolkit (OTK). From the Policy Manager, install the single OAuth Solution Kit .sskar file. This file contains multiple solution kits that provide specific OAuth functionality. 

This page contains the following topics related to installation:

Before you Begin

Perform the following pre-installation tasks:

Creating the database connection before installing the solution kits allows you to simply select the existing connection during the Resolve Entity Conflicts stage.

Upgrade or Install? 

To upgrade an OTK release to the latest version, follow the upgrade instructions.  If upgrading from OTK 4.x, read-only policies are replaced; custom configurations and services are retained. If upgrading from OTK 3.x, install the 4.x version and transfer custom configuration to the #policies.

Upgrade Sequence

Upgrading from 4.0.00 to 4.2.00 requires running an upgrade compatibility patch. The patch is available from Supporting Files.

If you prefer to completely remove your older installation and lose all customizations, perform an uninstall, delete any remaining folders, then install the new OTK version.

If you prefer to retain a previous version as a reference, install the new OTK version with an instance modifier.

Launch the OAuth Solution Kit Installer

This is step one of the Solution Kit Installation Wizard.

  1. In Policy Manager, go to Tasks, Extensions and Add-Ons, Manage Solution Kits.  
  2. If you have an existing OTK version you want to remove, select it and click Uninstall.
    Follow the uninstall instructions. Alternatively, you can retain an older OTK version by installing the new version with an instance modifier.
  3. Click Install.
  4. Identify the Solution Kit File to use.
    Click File and locate the signed skar file (.sskar) for the OAuth Solution Kit.
    For example: OAuthSolutionKit-4.2.00-1234.sskar
    The path to the solution kit file appears, click Next.

The OAuth Solution kit includes multiple solution kits.

Select and Install Solution Kits

The solution kit includes DMZ, Internal, Shared, and Persistence Layer kits.

Choose to install solution kits on the same server, or to split the OTK installation across the DMZ (external) and Internal servers. 

Multi-Server Installation

The recommended multi-server OTK installation is as follows:

  • Install the DMZ solution kits on the exposed server
  • Install the Internal solution kits on the protected server 
  • Install the Shared solution kits on both servers 
  • Install the Persistence Layer solution kit that matches your database type on the server that connects to the database. This is usually the Internal protected server. 

For multi-server installation instructions, see Dual Gateway Scenario.

To select and install specific solution kits on a single server:

  1. Select one or more of the available solution kits listed. 
    Suggested selection is as follows:
    • DMZ, OAuth 2.0 and OpenID Connect endpoints
    • Internal, Server Tools
    • OTK Assertions
    • Persistence Layer: database type
      (
      where database type is the solution kit that matches your currently installed OTK database type) 
    • Shared OAuth Resources
  2. Assign an optional instance modifier. See Install with an Instance Modifier.
  3. Click Next.

Recommended Solution Kit Component Selection for a Single Server Installation

More Installation Options

Choose any of the following installation options:

  • Integrate with CA API Developer Portal
    Select the The Internal, Portal and Shared Portal Resources solution kit components. 
    If your OTK database is a Cassandra database, do not select the Portal solution kits. CA API Developer Portal integration with a Cassandra database is not supported. 
  • Add OAuth 1.0 Support (deprecated)
    Select DMZ, OAuth 1.0 to add support for the deprecated OAuth 1.0 protocol. OAuth 1.0 policies are not customizeable and no future OAuth 1.0 support is planned.
  • Support Alternative Database Scenarios 
    Alternate database scenarios can require selection of a Persistence Layer solution kit plus configuration of either a JDBC or Cassandra connection.
  • Add an Instance Modifier to distinguish this installation from a previous installation of the same version.  See Add an Instance Modifier.

Add an Instance Modifier

Do you intend to keep the previous installation as a reference?

If so, select the solution kits and click Set Instance Modifier. Type a string value, then click OK. The value is added to service resolution URIs, folders, policy names, and other components.

Rules about instance modifiers:

  • The instance modifier value must be different for each installation.
  • Use the same instance modifier across all the solution kits of a single version.
  • If you install OTK with an instance modifier, use the same instance modifier when installing additional products (such as CA Mobile API Gateway).


CA Developer Portal Integration

If you intend to integrate with the CA API Developer Portal, do not add an Instance Modifier to your OTK installation. The CA API Developer Portal currently does not support OTK installations with Instance Modifiers.

Resolve Entity Conflicts

The installer tests each solution kit for potential conflicts in the following areas:

  • Service routing conflicts
  • Policy conflicts
  • Certificate conflicts
  • Encapsulated Assertion conflicts
  • Missing JDBC connections
  • Missing assertions 

If an error is detected in any of the solution kits:

  • The solution kit name is displayed in red.
  • The Resolved column for the specific solution kit entity is highlighted and displays "No".
  • The Finish button is grayed out and not available.

To resolve entity conflicts:

  1. Click a solution kit tab highlighted red.
    The entities are listed.
  2. Select the entity containing the conflict and click Resolve. A dialog box offers you actions to resolve the conflict.
    The Resolved column indicates a resolved conflict.
  3. When all conflicts are resolved, click Finish to start the installation.
    Finish can only be clicked after all conflicts have been resolved.

Resolve the Database Connection Entity Conflict

Selection of any the following solution kits requires resolution of the database connection.

  • Persistence Layer: MySQL or Oracle
  • Persistence Layer: Cassandra
  • Shared Portal Resources

There will always be an entity conflict to resolve until the OTK database connection is identified. There is an additional database connection entity conflict to resolve if you have selected to integrate with the CA API Management SaaS Portal.

To resolve the database connection entity conflict:

  1. Select the entity that requires conflict resolution.
  2. Click Resolve.
    The Resolve Entity Conflict dialog appears. 
  3. In the Action section select an existing connection. Otherwise, click Manage then Add to create a new connection.
  4. With the connection selected on the Resolve Entity Conflict dialog, click OK.
    The entity conflict is resolved. The Resolved column is updated.




Was this helpful?

Please log in to post comments.

  1. Kevin Russell
    2018-05-30 01:26

    The wording for Portal integration is ambiguous. It is required for all Portal integrations not just SaaS. Would be worthwhile to drop SaaS to just CA API Developer Portal.

    "More Installation Options Choose any of the following installation options:

    Integrate with the SaaS CA API Developer Portal"

    Likewise for Dual Gateway Scenario: https://docops.ca.com/ca-api-management-oauth-toolkit/4-2/en/installation-workflow/install-the-oauth-solution-kit/dual-gateway-scenario

    1. Lucie Stehnova
      2018-05-30 01:56

      Hi Kevin, many thanks your comment and suggestions.

      Lucie

    1. Lucie Stehnova
      2018-05-31 03:44

      Hi Kevin, 

      documentation amended. 

      Thank you

      Lucie