Issue using store passwords

book

Article ID: 194835

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

I am using a variable called ${secpass.jwe_pwd.plaintext} to get the content of the password jwe_pwd
The Decode JSON WEb token fails if I use the variable and it works if I use an hardcoded password.

It seems the Decode Json Web token assertion doesn't recognize the content of the variable correctly.

Cause

the error reported in the env where the decode JWT assertion is not working is:

2020-05-28T15:53:18.445+0200 WARNING 1020 com.l7tech.external.assertions.jwt.server.ServerEncodeJsonWebTokenAssertion: 10808: Invalid key for dir with A128CBC-HS256, expected a 256 bit key but a 264 bit key was provided.

Environment

Release : 9.x

Component : API GATEWAY

Resolution

The error would indicate there is something added to the password :  expected a 256 bit key but a 264 bit key was provided.

When using copy and paste the password the error occurs , after typing it the problem did not occur .
Make sure the copied password has no additional BLANKS, CR or LF at the end .
Due to the masking you will not see this 

 

Attachments