Layer7 API Management

 View Only
Expand all | Collapse all

Audit Request Body Save : Unable to get request XML: Stream closed

  • 1.  Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 24, 2020 08:42 AM
    Hi,
    I am using Add Audit Details assertion with always Save Request/Response in my Login service.
    The login service is called by supplying http credentials.

    But, in the audit window, the Request is showing as blank for successful logins.
    And, for invalid/userid passwords, the Request is showing "Unable to get request XML: Stream closed"

    Why am I not seeing the actual credentials ?


  • 2.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 27, 2020 01:35 AM
    Are you using authorization (Basic Auth) or have you created a custom Login form.

    If you using Basic Auth. The username and password is stored in ${request.http.headers.Authorization} variable else you can get the value from parameters

    If you are using XML request. Make sure that you can extract the values from XML using credential assertion

    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------



  • 3.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 27, 2020 03:46 AM
    You can also take a look at this community article containing sample request that you can use 

    https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=5940d2a6-2c5e-4383-ac37-293129af5c3c&CommunityKey=0f580f5f-30a4-41de-a75c-e5f433325a18&tab=digestviewer#bm5940d2a6-2c5e-4383-ac37-293129af5c3c

    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------



  • 4.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 28, 2020 04:09 AM

    So, the Credentials are present in Header, that's why it is not logged in Request Body audit.

    So for successful requests, we see blank body.

     

    But, when credentials are not provided, why do we see "Unable to get request XML: Stream closed" error ?

     

    Regards,
    Amit


     Disclaimer: This  communication  is  for the exclusive use of the intended recipient(s) and  shall  not attach any liability on the originator or ITC Infotech India Ltd./its  Holding company/ its Subsidiaries/ its Group Companies. If you are the addressee, the contents of this e-mail are intended for your use only and it shall  not be forwarded to any third party, without first obtaining written authorization from the originator or ITC Infotech India Ltd./ its Holding company/its  Subsidiaries/ its Group Companies. It may contain information which is confidential and legally privileged and the same shall not be used or dealt with  by any  third  party  in  any manner whatsoever without the specific consent  of  ITC  Infotech India Ltd./ its Holding company/ its Subsidiaries/ its Group Companies.  






  • 5.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 28, 2020 05:38 AM
      |   view attached
    Failed Login Audit Logs
    Login Success

    So I don't really see that error. Most likely you policy is trying to derive something from request body in XML that is failing but if you use ${request.mainpart} it will give you blank if the body is empty irrespective of the login.
    Do you have XPATH or XSLT before the Require auth are you saving the request body in a message that is xml once of this could cause the problem

    Try running the sample_test that only does authentication. If it still give you the error that I would suggest to raise a support ticket.


    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------

    Attachment(s)

    xml
    sample_Test.xml   1 KB 1 version


  • 6.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 28, 2020 05:43 AM
    Also which assertion are you using to get username and password XPATH Client Credentials Properties or Require HTTP Basic Credentials

    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------



  • 7.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 28, 2020 05:45 AM

    My mistake... it is not an error, I just see this in the Request section (next to Associated logs) of the Audit window, where the body must be logged.


     Disclaimer: This  communication  is  for the exclusive use of the intended recipient(s) and  shall  not attach any liability on the originator or ITC Infotech India Ltd./its  Holding company/ its Subsidiaries/ its Group Companies. If you are the addressee, the contents of this e-mail are intended for your use only and it shall  not be forwarded to any third party, without first obtaining written authorization from the originator or ITC Infotech India Ltd./ its Holding company/its  Subsidiaries/ its Group Companies. It may contain information which is confidential and legally privileged and the same shall not be used or dealt with  by any  third  party  in  any manner whatsoever without the specific consent  of  ITC  Infotech India Ltd./ its Holding company/ its Subsidiaries/ its Group Companies.  






  • 8.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 28, 2020 06:02 AM
    The request body aspect comes from Request payload





    Most likely you have some snippet that send the request body in either your app or on gateway as follow which is why you get the error. This is very less likely a gateway issue..

    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------



  • 9.  RE: Audit Request Body Save : Unable to get request XML: Stream closed

    Posted Jan 29, 2020 06:58 AM
    Hi,

    I did some testing and here is the analysis.

    I am using "Raise Error" assertion in the policy and because of this the Request body is not logged incase of error.
    Instead of Request Body, I see "Unable to get request xml:Stream Closed".
    But, If I catch the message in Service Debugger, then the Request Body is properly logged even if there is an error.

    Also, if during the flow, "Raise Error" assertion is not executed and some other error occurs (for example Route via HTTPs error), then also the Request Body is logged properly.


  • 10.  RE: Audit Request Body Save : Unable to get request XML: Stream closed
    Best Answer

    Posted Jan 29, 2020 07:48 AM
      |   view attached

    Raise Error must be handle with Handle Error assertion

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-2/policy-assertions/assertion-palette/policy-logic-assertions/handle-errors-assertion.html

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-2/policy-assertions/assertion-palette/policy-logic-assertions/raise-error-assertion.html#concept.dita_bcda24533c9256f78888875ab9bec2982e5df6ce_ContextVariables

    Do you want just to give an error to the user like authentication failed you should take a look at this
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-3/policy-assertions/assertion-palette/logging-auditing-and-alerts-assertions/customize-error-response-assertion.html

    1.  Right at the Start of you policy  -- Search for Customize Error Response
    2. Create context variables
      1. status : 400
      2. content-type : text/html or application/json based on the response you want give the user
      3. errorCode: 000 [default]
      4. errorDescription: Unknown error
    3. Create your validation condition in atleast one option and for failure condition use stop assertion, the only 2 variable you overwrite is 
      1. errorDescription
      2. errorCode
    4. Finally Test

    With Raise Error you will need a handle error block
    See attachement for example



    ------------------------------
    Pre-Sales Consultant
    CA Southern Africa
    ------------------------------

    Attachment(s)

    xml
    handle_error.xml   8 KB 1 version