Layer7 API Management

 View Only
Expand all | Collapse all

CA API Gateway Policy Assertion looping over siteMinder variables

  • 1.  CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Apr 07, 2016 05:57 PM

    hi,

     

    I would like to make a policy fragment that loops over the SiteMinder smcontext attributes that are available.

     

    In particular, in the help files I see that the following are available:

    ${<prefix>.smcontext.attributes.length}   Returns the size of the attribute list.

    ${<prefix>.smcontext.attributes.<index>.name}  Returns the name of the <index> attribute.  Example: ${siteminder.smcontext.attributes.0.name}

    ${<prefix>.smcontext.attributes.<index>.value}  Returns the value of the <index> attribute.   Example: ${siteminder.smcontext.attributes.0.value}

     

    this data structure seems difficult to use "Run Assertion for Each Item of..."

     

    The data seems to lend itself to a for/next construct.

     

    Seems that the .length variable holds the number of entries in the array.

    Perhaps there is an equivalent to the generic ${request.http.allheadervalues} but for the SiteMinder variables that is not yet exposed as public information.

     

    Please, can someone suggest how I can use these variables in a loop.

    Thanks



  • 2.  Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Apr 11, 2016 05:21 PM

    Run Assertions for Each Item of ${siteminder.smcontext.attributes} as ${attribute.current}

     

    This will loop through all of the SM attributes. Within that assertion place whatever logic you need to apply to the attributes, and it will repeat itself for every attribute.



  • 3.  Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Broadcom Employee
    Posted Apr 17, 2016 09:03 PM

    Yes,

    within the assertion, you can use,

    set context variable allattributevalues as string to: ${allattributevalues} ${attribute.current.name}=${attribute.current.value};

     

    to get a similar output as ${request.http.allheadervalues}



  • 4.  Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Apr 18, 2016 01:06 PM

    Thank you for the reply,

     

    This is what I have now....

    for Each Item of ${siteminder.smcontext.attributes} as ${attribute.current}

        Set Context Variable allattributevalues as String to: ${allattributesvalues}

        Add Audit Details: "sm.allattributevalues=${allattributevalues}"

        Add Audit Details: "${attribute.current.name}=${attribute.current.value};"

     

    Edit:  I did more experimenting:  I tried this...

    Set Context Variable SM_allHeaders as String to: ${siteminder.smcontext.attributes}

    Split variable SM_allHeaders into SM_allHeadersPairs on " "  <--- single space

    Run Assertions for Each Item of ${SM_allHeadersPairs} as ${SM_attributePair.current}

         Set Context Variable SM_onePair as String to: ${SM_attributePair.current}  

         Add Audit Details: SM_attributePair = ${SM_onePair}

     

    Seems to put out some legible values, but if there is a space in any of the values it breaks up the line.

    I tried to split the string on ), but the GUI hated me, I'm not very good at RegEx.

     

    And the information in the log is not what I would expect.... Any ideas what I am doing wrong...



  • 5.  Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Broadcom Employee
    Posted Apr 18, 2016 06:36 PM

    Please note the expression of Set Context Variable allattributevalues in my previous comment,

    it's "${allattributevalues} ${attribute.current.name}=${attribute.current.value};"

    not "${allattributevalues}"

     

    The 1st expression will append each name=value; to the end of variable allattributevalues in each iteration.

    (also, note the spell of the variable name, your last comment seems to use a wrong name in expression "${allattributesvalues}")



  • 6.  Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Apr 20, 2016 09:04 AM

    Thank you for the feedback.

     

    So, taking what you said, and entering it.  I have this now:

    1. Run Assertions for Each Item of ${siteminder.smcontext.attributes} as ${attribute.current}

    2.     Set Context Variable allattributevalues as String to: ${allattributevalues} ${attribute.current.name}=${attribute.current.value}

    3.     Add Audit Details: "allattributevalues=${allattributevalues} attribute.current.name=${allattributevalues.current.name} attribute.current.value=${allattributevalues.current.value}"

     

    Line 3: I am trying to display my name value pairs.  All i see in my log is a bunch of

         allattributevalues= = =

         attribute.current.name=

         attribute.current.value=

     

    I also tried: Line 3 is different <using attribute.current.name and value>

    1. Run Assertions for Each Item of ${siteminder.smcontext.attributes} as ${attribute.current}

    2.     Set Context Variable allattributevalues as String to: ${allattributevalues} ${attribute.current.name}=${attribute.current.value}

    3.     Add Audit Details: "allattributevalues=${allattributevalues} attribute.current.name=${attribute.current.name} attribute.current.value=${attribute.current.value}"

     

    I don't get it, what am I missing?  Am I doing something wrong with my statement #3? 

    thanks again.



  • 7.  Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Apr 20, 2016 09:37 AM

    I am seeing this in my log as well.

    2016-04-20T09:26:57.112-0400 WARNING 147 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: 151: Variable 'attribute.current' is not a String and cannot be converted to one.  (Actual type: com.l7tech.util.Pair)

     

    Some googling shows it to be related to SiteMinder, which is awesome, becuase that's what I am trying to parse.  Further googling does not show anything on how to use data type "Pair", the data string i am getting out of the system now looks like this:

    2016-04-20T09:26:57.111-0400 INFO    147 com.l7tech.server.policy.assertion.ServerAuditDetailAssertion: -4: x CURRENT ATTRIBUTE all =(ATTR_AUTH_DIR_NAME,MY-AD-NAME)

     

    I assume the .name & .value are supposed to access the 2 parts of the Pair, but so far, no luck.

    I am iterating quickly on possibilities, hopefully I deduce the solution shortly, or someone can slam a solution in here.

    Cheers and thanks.



  • 8.  RE: Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Jan 13, 2020 09:20 AM
    Hello Aquilina,

    Please help me out if  "creating a policy fragment for extracting siteminder custom attributes" worked for you.
    I am trying the same since a month to achieve this..


  • 9.  RE: Re: CA API Gateway Policy Assertion looping over siteMinder variables
    Best Answer

    Posted Jan 14, 2020 07:45 AM
    Edited by Christopher Hackett Jan 20, 2020 07:23 PM
    • When the content is not a string type, it is generally necessary to add the following text to the end of the context variable in the audit assertion: .mainpart
    • Example:
      • When the error shown in the audit viewer is Variable 'attribute.current' is not a String and cannot be converted to one. (Actual type: com.ca.siteminder.SiteMinderContext$Attribute) the audit assertion logging it should be changed from having a context variable named ${siteminder.smcontext.attributes} to a context variable named ${siteminder.smcontext.attributes.mainpart}

    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=98152&_ga=2.131095567.107544774.1578900839-920757066.1574754284


    One way to do this :-
    Join the multivalued variable using 
    Set Context variable $sm.allAttributes=${siteminder.smcontext.attributes.mainpart} (going by the Kb article)
    Then find the pattern and use Split assertion to extract the attribute by ,
    Create a empty string variable smXML
    Then Run assertion each time on the output of split variable either using regular expression
    ---- either via regex (.*?)=(.*?) to currentNameValue
    ---- smXML=$smXML<data>"${currentNameValue[0]}":"${currentNameValue[1]}"</data>

    End of Run Assertion
    set Context Variable smXML type Message (xml) to ${smXML}
    use JSON Transformation to convert xml to data array with name value pair



  • 10.  RE: Re: CA API Gateway Policy Assertion looping over siteMinder variables

    Posted Jan 14, 2020 08:17 AM
      |   view attached
    Something I tried to build based on the KB information

    Attachment(s)

    xml
    sm-extract.xml   6 KB 1 version