Layer7 API Management

Expand all | Collapse all

Protect against Message Replay assertion

  • 1.  Protect against Message Replay assertion

    Posted 03-13-2019 01:00 PM

    Hi All, 

     

    I am new to the Protect against Message Replay assertion. 

    Currently it is set to the Default mode.

    When I test a sample policy that contains this assertion, I get Not applicable in this context message when run using the debug mode.

     

    Can you please suggest how to test a sample proxy using this assertion and sample test cases?

     

    Regards,

    Pramod Talekar



  • 2.  Re: Protect against Message Replay assertion

    Posted 03-13-2019 06:39 PM

    Good afternoon Pramod,

     

    The Protect Against Message Replay is designed to work against WS-Security based tokens included in the payload and will validate if an ID in the token has already been used including validation of the time stamp. Protect Against Message Replay Assertion (Threat Protection) - CA API Gateway - 9.3 - CA Technologies Documentation 

     

    You can use a product like SOAPUI to create a WS-Security token and attempt to send through the same payload twice by viewing the raw and copying it into another request. 

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support



  • 3.  Re: Protect against Message Replay assertion

    Posted 03-13-2019 07:17 PM

    Good Afternoon Stephen, 

     

    Thanks so much for your reply.

    I will test it.

     

    Regards,

    Pramod Talekar