Layer7 API Management

Hi community,

I have a simple policy where i'm using a "Route via HTTP(S)" assertion.

In the case where the backend returns a SOAP Fault with a HTTP error 500 code I want this to be returned to the requestor.

My understanding is that the checkbox in front of "Pass through SOAP faults with error status 500" should do this. But it's not. When i select this checkbox I get this error:

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml;charset=utf-8
Content-Length: 590
Date: Thu, 15 Aug 2019 11:23:11 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Policy Falsified</faultstring>
<faultactor>https://foo/bar</faultactor>
<detail>
<l7:policyResult status="Assertion Falsified" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

If I select "Never fail as long as target returns an answer" the original SOAP fault from the backend is returned:

HTTP/1.1 500 Internal Server Error
Set-Cookie: JSESSIONID=12345ABC; Path=/foo/bar; Secure; HttpOnly; Domain=foo.bar
Content-Encoding: gzip
Content-Type: text/xml;charset=utf-8
Content-Length: 211
Date: Thu, 15 Aug 2019 11:26:10 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode>S:Server</faultcode><faultstring>Bad credentials (userId is null)</faultstring></S:Fault></S:Body></S:Envelope>

Why is this SOAP fault not returned when i check "Pass through SOAP faults with error status 500"?

Sorry to bump this, but anyone who can answer this?

Thanks,
Jan
Original Message:
Sent: 08-15-2019 07:30 AM
From: Blokhuis
Subject: Pass through SOAP faults with error status 500

Hi community,

I have a simple policy where i'm using a "Route via HTTP(S)" assertion.

In the case where the backend returns a SOAP Fault with a HTTP error 500 code I want this to be returned to the requestor.

My understanding is that the checkbox in front of "Pass through SOAP faults with error status 500" should do this. But it's not. When i select this checkbox I get this error:

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml;charset=utf-8
Content-Length: 590
Date: Thu, 15 Aug 2019 11:23:11 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Policy Falsified</faultstring>
<faultactor>https://foo/bar</faultactor>
<detail>
<l7:policyResult status="Assertion Falsified" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

If I select "Never fail as long as target returns an answer" the original SOAP fault from the backend is returned:

HTTP/1.1 500 Internal Server Error
Set-Cookie: JSESSIONID=12345ABC; Path=/foo/bar; Secure; HttpOnly; Domain=foo.bar
Content-Encoding: gzip
Content-Type: text/xml;charset=utf-8
Content-Length: 211
Date: Thu, 15 Aug 2019 11:26:10 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode>S:Server</faultcode><faultstring>Bad credentials (userId is null)</faultstring></S:Fault></S:Body></S:Envelope>

Why is this SOAP fault not returned when i check "Pass through SOAP faults with error status 500"?

Hi Jan,

Actually when you select the checkbox for this means:

When failing on an error status, you can give special attention to error status 500 (internal error).

• Select this check box to allow a status 500 error to be returned from the backend server as a response, complete with the 500 HTTP error code.
• Clear this check box to treat the 500 error as a SOAP fault, which may trigger a customized fault response.

As you can see in additional to the error you can use the Customize SOAP Fault Response to treat the 500 error

Hope this help, more details you can check here https://docops.ca.com/ca-api-gateway/9-1/en/policy-assertions/assertion-palette/message-routing-assertions/route-via-http-s-assertion

Regards,
Diego Martins



Original Message:
Sent: 08-15-2019 07:30 AM
From: Blokhuis
Subject: Pass through SOAP faults with error status 500

Hi community,

I have a simple policy where i'm using a "Route via HTTP(S)" assertion.

In the case where the backend returns a SOAP Fault with a HTTP error 500 code I want this to be returned to the requestor.

My understanding is that the checkbox in front of "Pass through SOAP faults with error status 500" should do this. But it's not. When i select this checkbox I get this error:

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml;charset=utf-8
Content-Length: 590
Date: Thu, 15 Aug 2019 11:23:11 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Policy Falsified</faultstring>
<faultactor>https://foo/bar</faultactor>
<detail>
<l7:policyResult status="Assertion Falsified" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

If I select "Never fail as long as target returns an answer" the original SOAP fault from the backend is returned:

HTTP/1.1 500 Internal Server Error
Set-Cookie: JSESSIONID=12345ABC; Path=/foo/bar; Secure; HttpOnly; Domain=foo.bar
Content-Encoding: gzip
Content-Type: text/xml;charset=utf-8
Content-Length: 211
Date: Thu, 15 Aug 2019 11:26:10 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode>S:Server</faultcode><faultstring>Bad credentials (userId is null)</faultstring></S:Fault></S:Body></S:Envelope>

Why is this SOAP fault not returned when i check "Pass through SOAP faults with error status 500"?

Hi Diego,

Thanks for the clarification. The setting was a little confusing for me. 

Regards,
Jan
Original Message:
Sent: 09-06-2019 03:01 AM
From: Diego Martins
Subject: Pass through SOAP faults with error status 500

Hi Jan,

Actually when you select the checkbox for this means:

When failing on an error status, you can give special attention to error status 500 (internal error).

• Select this check box to allow a status 500 error to be returned from the backend server as a response, complete with the 500 HTTP error code.
• Clear this check box to treat the 500 error as a SOAP fault, which may trigger a customized fault response.

As you can see in additional to the error you can use the Customize SOAP Fault Response to treat the 500 error

Hope this help, more details you can check here https://docops.ca.com/ca-api-gateway/9-1/en/policy-assertions/assertion-palette/message-routing-assertions/route-via-http-s-assertion

Regards,
Diego Martins



Original Message:
Sent: 08-15-2019 07:30 AM
From: Blokhuis
Subject: Pass through SOAP faults with error status 500

Hi community,

I have a simple policy where i'm using a "Route via HTTP(S)" assertion.

In the case where the backend returns a SOAP Fault with a HTTP error 500 code I want this to be returned to the requestor.

My understanding is that the checkbox in front of "Pass through SOAP faults with error status 500" should do this. But it's not. When i select this checkbox I get this error:

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml;charset=utf-8
Content-Length: 590
Date: Thu, 15 Aug 2019 11:23:11 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Policy Falsified</faultstring>
<faultactor>https://foo/bar</faultactor>
<detail>
<l7:policyResult status="Assertion Falsified" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

If I select "Never fail as long as target returns an answer" the original SOAP fault from the backend is returned:

HTTP/1.1 500 Internal Server Error
Set-Cookie: JSESSIONID=12345ABC; Path=/foo/bar; Secure; HttpOnly; Domain=foo.bar
Content-Encoding: gzip
Content-Type: text/xml;charset=utf-8
Content-Length: 211
Date: Thu, 15 Aug 2019 11:26:10 GMT
Connection: close
Server: CA-API-Gateway/9.0

<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode>S:Server</faultcode><faultstring>Bad credentials (userId is null)</faultstring></S:Fault></S:Body></S:Envelope>

Why is this SOAP fault not returned when i check "Pass through SOAP faults with error status 500"?