Context Variable does not get a value (comes empty) into the encap assertion
search cancel

Context Variable does not get a value (comes empty) into the encap assertion


Article ID: 200789


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


We have a policy to update expiry date on the user account which used to work with v9.2 but after upgrading gateway to 9.4 version. we are receiving invalid Attribute syntax. 
Edited :
%%SHARED%%.request.shared.error.msg = {String} "{
  "error_description":"LDAP error: Modify CA Directory Failed: user.dn: uid=triangle3112,ou=Customers,ou=Users,ou=cust,dc=CustomerT,dc=ca, accountLocked: False, accountLockedUpdated: True, -- Timed -- 10 -- 2020-09-18T21:33:59.275Z -- , [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'uid=triangle3112,ou=Customers,ou=Users,ou=cust,dc=CustomerT,dc=ca'."


Release : 9.4

Component : API GATEWAY


1. currTimePlusExpiryMins.local.yyyyMMddHHmmssZ was set as encapsulated assertion input but not defined in parent policy, essentially giving it an empty value

2. currTimePlusExpiryMins was set inside the encapsulated assertion as a Date/Time context variable. Normally this autopopulates currTimePlusExpiryMins.local.yyyyMMddHHmmssZ

3. The empty currTimePlusExpiryMins.local.yyyyMMddHHmmssZ defined in the input overrode the correct value inside the encapsulated assertion

Something like "Warning: If you are planning to use context variables local to the encapsulated assertion, make sure that they are not defined as inputs to prevent the local variables from being overridden by the inputs"


Needed to recreate the OTK encap assertion without the currTimePlusExpiryMins.local.yyyyMMddHHmmssZ from the list of inputs.