search cancel

Context Variable does not get a value (comes empty) into the encap assertion

book

Article ID: 200789

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

We have a policy to update expiry date on the user account which used to work with v9.2 but after upgrading gateway to 9.4 version. we are receiving invalid Attribute syntax. 
 
Edited :
%%SHARED%%.request.shared.error.msg = {String} "{
  "error":"ldap_exception",
  "error_description":"LDAP error: Modify CA Directory Failed: user.dn: uid=triangle3112,ou=Customers,ou=Users,ou=cust,dc=CustomerT,dc=ca, accountLocked: False, accountLockedUpdated: True, -- Timed -- 10 -- 2020-09-18T21:33:59.275Z -- , javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'uid=triangle3112,ou=Customers,ou=Users,ou=cust,dc=CustomerT,dc=ca'."
}"

Cause

1. currTimePlusExpiryMins.local.yyyyMMddHHmmssZ was set as encapsulated assertion input but not defined in parent policy, essentially giving it an empty value

2. currTimePlusExpiryMins was set inside the encapsulated assertion as a Date/Time context variable. Normally this autopopulates currTimePlusExpiryMins.local.yyyyMMddHHmmssZ

3. The empty currTimePlusExpiryMins.local.yyyyMMddHHmmssZ defined in the input overrode the correct value inside the encapsulated assertion

Something like "Warning: If you are planning to use context variables local to the encapsulated assertion, make sure that they are not defined as inputs to prevent the local variables from being overridden by the inputs"

Environment

Release : 9.4

Component : API GATEWAY

Resolution

Needed to recreate the OTK encap assertion without the currTimePlusExpiryMins.local.yyyyMMddHHmmssZ from the list of inputs.