KB Article #179689

Sample policy with Multiple Managers

Problem

When configuring API Portal 7.5.5 with multiple API Managers, there is an issue if you are using API Gateway/API Manager 7.5.3 SP7 or later due to some fixes implemented in API Manager SP7. Basically, there are 2 problems:

  • API Manager 7.5.3 SP7 no longer accepts duplication of the “Content-type” header, which is sent twice when the AuthenticateToMaster policy is triggered. As a result, when a user who exists only on the master API Manager tries to log in from API Portal, the request fails with "400 Bad request". A workaround is to create the same user on the slave API Manager. In earlier versions of API Manager the duplicate header was ignored and the request was processed successfully.
  • In API Gateway/API Manager 7.5.3 SP7 the variable used for the HTTP method in the “Get current info” policy filter is not properly resolved, and users who do not exist on the slave API Manager (and exist only on master API Manager) cannot log in successfully from the slave API Manager directly.

All API Portal versions configured to work with API Gateway/API Manager 7.5.3 SP7 or later are affected.


Resolution

To fix this problem, you must upgrade the Sample Policy as follows:

  • Download the latest sample policy package
  • Using Policy Studio, import the AuthoToMasterDynamicOrg_ApiManager_753_SP7_or_later.xml policy (attached)
  • Repeat the steps described in the “Connect API Portal to multiple API Managers” section of the API Portal Installation and Upgrade Guide

Further information

  • This problem is fixed in API Portal 7.5.5 SP7 and later.
  • If you are using any earlier version of API Manager (pre 7.5.3 SP7) you must use the old policy - AuthoToMasterDynamicOrg.xml
  • If you are using API Manager 7.5.3 SP7 or later you must use the new policy - AuthoToMasterDynamicOrg_ApiManager_753_SP7_or_later.xml