I also found that the assertion (Non-SOAP) Check Results from XML-Verification has a check-box to get the credentials from the signing certificate. This is also very handy to authenticate the credentials against an Identity Provider, but use an Identity Tag!
Sebastian van Voorn.
Original Message:
Sent: 08-03-2021 08:44 AM
From: Charles L
Subject: Unable to get credentials from signing certificate in plain XML message
Validated this fix. Just posting here as well. So resolution is known.
Assertion 6 exports a multipart element for the Signing Certificate BUT Assertion 7 doesn't allow the use of multiparts.
So..
After 6 add an
New 7 Below, Look Up Item by Index Position: index 0 within ${signingCertificates}; output value to ${SignCert}
Move your Existing 7 (Retrieve Request from context variable as assertion 8)
And specify the output variable from new 7 above ${SignCert} as your credential source.
The Retrieve request assertion doesn't allow a multipart identifier i.e. [0]
And the original assertion produces a multipart (6) so the lookup item takes the multipart x.509 and only exposes the single part in ${SignCert}
Original Message:
Sent: 07-14-2021 02:55 AM
From: Sebastian van Voorn
Subject: Unable to get credentials from signing certificate in plain XML message
Hello Jay,
The exception I get is this:
20210714 08:37:19.566 | WARNING | | 4 | Type not supported for variable credentials for variable signingCertificates: Unsupported credential type: X509Certificate[]. Exception caught! |
To test, POST a very simple XML doc to the SvV-Sign-XML policy, which will sign the XML and send it to SvV-Test-Sign policy which should get the credentials from the signing certificate.
<?xml version="1.0" encoding="UTF-8"?>
<LEEG-BERICHT>
<ALG-GEG>
<PROC-IDENT>1303</PROC-IDENT>
<PROC-FUNC>1</PROC-FUNC>
<INFO-GEBR>XX</INFO-GEBR>
</ALG-GEG>
</LEEG-BERICHT>
------------------------------
Greetings,
Sebastian van Voorn.
SR. System Engineer
RDW
Original Message:
Sent: 07-09-2021 01:21 PM
From: Jay MacDonald
Subject: Unable to get credentials from signing certificate in plain XML message
Is there anything in the logs? Can you share your policy here?
------------------------------
Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
Original Message:
Sent: 07-09-2021 07:02 AM
From: Sebastian van Voorn
Subject: Unable to get credentials from signing certificate in plain XML message
We use simple signing XML element to sign an XML message.
Now we also want to retrieve the credentials from the signature as explained in this document:
Retrieve Credentials from Context Variable Assertion
But somehow it doesn't work; the retrieve credentials assertion fails, without reason.
Does someone have experience with this?
------------------------------
Greetings,
Sebastian van Voorn.
SR. System Engineer
RDW
------------------------------