Require Xpath Credentials - Not working when we pass special characters CA API Gateway


Article ID: 130988


Updated On:


CA API Gateway


The API Gateway is configured to use Authenticate Against CA SSO for authentication and authorization.
The policy fails only when the username or password includes special characters.

Simplified steps to reproduce (policy):
Set context variables for the username and password: username=A10, password=fi&rewall
Set a context variable for the creds message in XML format

Set XPath Credentials Properties


The policy fails at the XPath assertion when the username or password contains a special character (&, <, >, ", ').



API Gateway 9.4

Single Sign-On 12.8


In order for this to work with special characters, they need to be escaped as below:


XPath expression


It's suggested to use regular expressions to check the username and password for special characters then handle each one with the proper escape character before passing it on for authentication.

Additional Information

The issue is not a product limitation; it is an XML limitation.

The "Require XPath Credentials" assertion is subject to the limitations of XML.

If you test the data in any XPath tester, you will see that the &, for example, needs to be escaped as &amp;


You can use the "Evaluate Regular Expression" assertion to replace the & in the password with &amp;

XML Input



XPath expression


Errors with 

Unable to perform XPath operation. The reference to entity "rewall" must end with the ';' delimiter. You most likely forgot to escape '&' into '&amp;'

Attached sample policy sample-policy.xml


The following flow

IsProtect to SSO

Set the context variables username and password, with a value that contains the special character “&”

Evaluate Regular Expression: change fi&rewall to fi&amp;rewall and save the result to the context variable password1

Set context variable “creds”








$creds Authenticate Against CA Single Sign-On
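
The same escape-then-extract flow outside the Gateway, as an added example (not part of the article or its sample policy). It goes beyond the single & replacement by escaping all five XML special characters; the `<creds>` layout and the function names are assumptions, since the article's creds XML is not shown.

```python
import re
import xml.etree.ElementTree as ET

# Ordered replacements: '&' must come first, otherwise the '&' introduced by
# the later entities (&lt;, &gt;, ...) would be escaped a second time.
XML_ESCAPES = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
               ('"', "&quot;"), ("'", "&apos;")]

def escape_xml(value):
    """Escape the five XML special characters, one regex replace per character."""
    for raw, entity in XML_ESCAPES:
        value = re.sub(re.escape(raw), entity, value)
    return value

def build_creds(username, password):
    # Assumed message layout (hypothetical element names).
    return ("<creds><username>%s</username><password>%s</password></creds>"
            % (username, password))

def extract(creds_xml):
    """Parse the message and read both fields with XPath expressions."""
    root = ET.fromstring(creds_xml)
    return root.findtext("./username"), root.findtext("./password")

def try_extract(creds_xml):
    """Return the extracted pair, or the parser error for malformed XML."""
    try:
        return extract(creds_xml)
    except ET.ParseError as exc:
        return "parse error: %s" % exc

if __name__ == "__main__":
    user, pwd = "A10", "fi&rewall"  # values from the article
    # Raw password: the XML is not well-formed, so no XPath can be evaluated.
    print(try_extract(build_creds(user, pwd)))
    # Escaped password: parses, and XPath yields the original 'fi&rewall'.
    print(try_extract(build_creds(escape_xml(user), escape_xml(pwd))))
```

The XML parser decodes the entities again, so the value handed on for authentication is the original password, not the escaped form.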



