Layer 7 API Management

Security hash only calculated on original request?

  • 1.  Security hash only calculated on original request?

    Posted 10-27-2017 06:41 AM

    Hi all,

    On our #apigateway* Version 9.1 I want to add an HMAC-MD5 #hashvalue to a processing instruction in a #activerequest Then the request will be routed to a backend service.

    I added the processing instruction using a #xsltransformation and then use the #generatesecurityhash_assertion

    Somehow this doesn't work, because the securityhash is not calculated over the request with new processing instruction, but over the original request.mainpart. 
    Even when I set a new context variable to the request.mainpart (which has to be of message type), use the XSLT on this and generate the securityhash it still uses the original requestvalue.

     

    I wonder if this hould work in this way....?

    Or is it a bug?

     

    The only solution to this behaviour I see is to send the request with processing instruction to a new internal policy which will calulate the hash. 

    But is this the way to do it?

    With this I have 2 policies who are depending of each other..  Not what I want really...

     

    Sebastian van Voorn.