search cancel

API Gateway Extracting credentials from signing certificate does not work


Article ID: 220986


Updated On:


CA API Gateway


The user wants to get the credentials from a signing certificate used to sign a message. This way we can apply better authorization.  
Attached are the policies to test in the community thread.
A small xml message is sent along with a POST on the svv-sign-xml policy. the message is signed with a signing certificate and forwarded to the policy svv-test-sign.
This policy extracts the certificate information from the message and should then retrieve the credentials, but it fails with this exception :-

The exception I get is this:
20210714 08:37:19.566 WARNING  4 Type not supported for variable credentials for variable signingCertificates: Unsupported credential type: X509Certificate[]. Exception caught!

To test, POST a very simple XML doc to the SvV-Sign-XML policy, which will sign the XML and send it to SvV-Test-Sign policy which should get the credentials from the signing certificate.

<?xml version="1.0" encoding="UTF-8"?>

They also left the question here:



Release : 10.0

Component : API GATEWAY


The assertion requires the var is an instance of X509Certificate, but the error message indicates that it's an array of X509Certificate "X509Certificate[]",  
the <prefix>.signingCertificates returned by verify xml element assertion should be an array, it may need to be referred like ${signingCertificates[0]},
or you can loop it with run for each item assertion.