The API Gateway is configured to use the "Authenticate Against CA Single Sign-On" assertion for authentication and authorization.
The policy only fails when special characters are included in the username or password.
Simplified steps to reproduce: Policy
Set Context variables for username and password: username=A10, password=fi&erwall
Set Context variables for creds message XML format
Set XPath Credentials Properties
The policy fails at the XPath assertion when the username or password contains a special character (&, <, >, ", ')
API Gateway 9.4
Single Sign-On 12.8
In order for this to work with special characters, they need to be escaped as below:
XPath expression
The issue is not a product limitation, it is an XML limitation.
"Require XPath credentials" assertion has limitations on XML
If you test the data in any XPath tester, you will see that the &, for example, needs to be escaped as &amp;
You could use the "Evaluate Regular Expression" assertion to replace the & in the password with &amp;
https://www.freeformatter.com/xpath-tester.html
XML Input
<creds>
<username>A10</username>
<password>fi&rewall</password>
</creds>
XPath expression
/creds/password
Errors with
Unable to perform XPath operation. The reference to entity "rewall" must end with the ';' delimiter. You most likely forgot to escape '&' into '&amp;'
Attached sample policy sample-policy.xml
The following flow
IsProtect to SSO
Set context variable username and password that contains special character “&”
Evaluate Regular Expression: change fi&rewall to fi&amp;rewall and save the result to context variable password1
Set context variable “creds”
<creds>
<username>${username}</username>
<password>${password1}</password>
</creds>
XPath
/creds/username
/creds/password
$creds Authenticate Against CA Single Sign-On
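The escaping requirement can be checked outside the gateway. The following Python sketch is an added example, not part of the sample policy or the product: it builds the same creds message with and without escaping and reads the values back. It goes beyond the & case handled by the regular expression above and covers all five XML special characters. The function names and the sample credentials are hypothetical.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample credentials; the first password mirrors the page's fi&rewall case.
SAMPLES = [("A10", "fi&rewall"), ("A10", "a<b>c"), ("O'Neil", 'say "hi" & go')]

# escape() handles &, < and > by default; the two quote characters are added here.
QUOTES = {'"': "&quot;", "'": "&apos;"}


def build_creds(username, password, escape_values=True):
    """Build the <creds> message that the XPath credentials step reads."""
    if escape_values:
        # escape() rewrites & first, so the entities it emits are not escaped twice
        username = escape(username, QUOTES)
        password = escape(password, QUOTES)
    return (f"<creds><username>{username}</username>"
            f"<password>{password}</password></creds>")


def extract(creds_xml):
    """Stand-in for /creds/username and /creds/password; None if not well-formed."""
    try:
        root = ET.fromstring(creds_xml)
    except ET.ParseError:
        return None
    if root.tag != "creds":
        return None
    return root.findtext("username"), root.findtext("password")


def round_trips(username, password, escape_values=True):
    """True when the values read back from the XML equal the original inputs."""
    return extract(build_creds(username, password, escape_values)) == (username, password)


if __name__ == "__main__":
    for user, pwd in SAMPLES:
        print(repr(pwd), "raw:", round_trips(user, pwd, False),
              "escaped:", round_trips(user, pwd, True))
```

Replacing only & leaves a password containing < still breaking the message, so a single escaping step covering every special character is the more robust fix.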