We have an external SOAP API that requires basic authentication, and when we use SOAPUI to test it, it works going directly to the API. 

When we update SOAPUI to point to the Layer7 policy, we don't see anything in the logs or in the debugger.  We just get a 400 Bad Request error.

Release : 10.0

Component : API GATEWAY

The Xpath assertion was wrongly configured and not grabbing the specific elements to evaluate on the policy flow.

- We explained how to configure the Xpath assertion, testing the policy shows the output from a payload you could work with.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">    <soap:Header>	        <U>ImaUser</U><AuthHeader MyAttribute="" xmlns="https://www.example.com/MasterWebService/DataDownloadService">            <Username>ns_defect_test</Username>            <Password>1Pass$$1234524097</Password>        </AuthHeader>    </soap:Header></soap:Envelope>

-  suggested and explained how to configure a "Regular expression" to grab/evaluate the Username, Password as needed.  You will need to customize according to your use case (context variable to pass into the request header as an example).

ref: 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/policy-assertions/how-to-assertions/specify-xpaths-in-assertions.html

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/policy-assertions/assertion-palette/message-validation-transformation-assertions/evaluate-regular-expression-assertion.html