API Gateway: Underlying policy fragment is invalid for Encapsulated Assertion

book

Article ID: 192470

calendar_today

Updated On:

Products

CA API Gateway API SECURITY STARTER PACK-7 CA Microgateway

Issue/Introduction

We have seen the following error in our logs:

com.l7tech.server.policy.assertion.ServerEncapsulatedAssertion: 10050:Underlying policy fragment is invalid for Encapsulated Assertion: "Policy Name"

Cause

This error is commonly associated when there is a mismatch between what's in the database and the cache. 

Environment

Release: 9.X

Component: API GATEWAY

Resolution

Our cache is stored on the individual nodes. The cache from the back-end is used for subsequent processing, sparing the back-end service from needing to respond to the request. This cuts down on the load and traffic needed. Generally, this issue tends to be one-offs and can be resolved by restarting the server or the SSG service, but if the issue persists then removing and reinstalling the underlying assertion may be required.

The issue will happen around policies with the same encapsulated assertion.

  1. In policy manager go to tasks-> extensions and add-ons-> manage encapsulated assertions
  2. Select the encapsulated assertion in question and then use the export option and save the xml file
  3. Then use the remove option to delete the encapsulated assertion in question from Policy Manager. 
  4. Restart (log out of) policy manager
  5. Log back into policy manager and go back into manage encapsulated assertions
  6. Use the import option, making sure it has the same name as the removed encapsulated assertion

Additional Information

For more information on Manage Encapsulated Assertions please see our guide.