Layer7 API Management

 View Only
  • 1.  How to access the Context Variables which have the error messages for routing failure

    Posted Apr 17, 2017 09:16 AM

    We are trying to handle the routing assertion failure errors such that we can send the exact error to the consumer. The routing can fail with various reasons like Certificate not found, Certificate Not Trusted, Server Not found etc. These errors can be seen in Gateway Audit Events. But How can i get these messages to a template response? Is there any context variable where this will be saved?

     

    Note : We have tried using ${httpRouting.reasonCode} , But this gives the high level error, not the exact error which is shown on Gateway Audit Events.



  • 2.  Re: How to access the Context Variables which have the error messages for routing failure

    Broadcom Employee
    Posted Apr 17, 2017 11:55 AM

    Hi

     

    Would love to hear why you would want your client knowing that your gateway server cert isn’t valid or needs this in order to route properly?

     

    I would say that this should be shielded from the client.  I’ve never been asked this from a customer and don’t know a reason why you would want this info being passed to a client?

     

    thanks

     

    Derek Orr

    ca technologies

    Principal Consultant, CA API Management Presales

    m: 778-980-0029

    Email = Derek.Orr@ca.com<mailto:Derek.Orr@ca.com>

     

    CA API Management Community: https://communities.ca.com/community/ca-api-management-community



  • 3.  Re: How to access the Context Variables which have the error messages for routing failure

    Posted Apr 18, 2017 04:44 AM

    Hi Derek

     

    We wanted to access these information for the internal handling. Though we will not share the exact error message to consumer is there any way we can capture these error messages?



  • 4.  Re: How to access the Context Variables which have the error messages for routing failure
    Best Answer

    Broadcom Employee
    Posted Apr 18, 2017 03:17 PM

    Yes, there is a way of creating this…

     

     

    -          Use the log file instead.  It highlights this in its log file.

     

    2017-04-18T15:04:24.153-0400 WARNING 4318 com.l7tech.server.transport.http.SslClientTrustManager: Unable to build path for Certificate CN=*.facebook.com,O=Facebook\, Inc.,L=Menlo Park,ST=California,C=US: unable to find valid certification path to requested target

     

     

     

    -          Or you can create an audit sink to send off to a particular file server or to a database.  This is a less desired approach, especially with high performing or high SLA requirement of the gateway.

     

     

    Derek Orr

    ca technologies

    Principal Consultant, CA API Management Presales

    m: 778-980-0029

    Email = Derek.Orr@ca.com<mailto:Derek.Orr@ca.com>

     

    CA API Management Community: https://communities.ca.com/community/ca-api-management-community