Layer7 API Management

  • 1.  CustomAssertion details

    Posted Mar 17, 2023 10:41 AM

    Hi,

    My idea is to create, through Restman, a policy that uses a Custom Assertion. But when I look at the content of the Custom Assertion in the XML, it is encoded with Base64. How can I decode this? It is not a standard Base64 encoding.

    Or is there another way to report this Custom Assertion through restman?

    Thanks.



  • 2.  RE: CustomAssertion details

    Broadcom Employee
    Posted Mar 17, 2023 04:19 PM

    Hello, Daniel.

    The custom assertion properties (not the entire assertion .jar) are base64 encoded in policy. For example, when I decode:

    I get:

    ¨Ìsr1com.l7tech.policy.assertion.CustomAssertionHolderf◊+x\u2    Z isUiAutoOpenL
    categoriestLjava/util/Set;Lcategoryt*Lcom/l7tech/policy/assertion/ext/Category;LcustomAssertiont1Lcom/l7tech/policy/assertion/ext/CustomAssertion;LcustomModuleFileNametLjava/lang/String;LdescriptionTextq~LpaletteNodeNameq~LpolicyNodeNameq~LregisteredCustomFeatureSetNameq~xr%com.l7tech.policy.assertion.Assertion€_cô<Ω¢±ZenabledLassertionCommentt/Lcom/l7tech/policy/assertion/Assertion$Comment;xpsr-com.l7tech.policy.assertion.Assertion$Comment¡¶w ¿v¶L
    propertiestLjava/util/Map;xpsrjava.util.TreeMap ¡ˆ>-%jÊL
    comparatortLjava/util/Comparator;xppwt RIGHT.COMMENTt)// custom assertion Ignored for code-flowxsrjava.util.HashSet∫DÖïñ∏∑4xpw ?@sr(com.l7tech.policy.assertion.ext.CategoryZ∞úe°D˛5ImyKeyLmyNameq~xp tCustomAssertionsxpsr0com.l7tech.custom.auth2scope.ScopeIssueAssertion-aª    PÙ>∞LscopeRegisteredq~LscopeRequestedq~xpt${scope.registered}t${request.http.parameter.scope}t4ef2a32df58ede45d242c9fc93406b7bf060745ccad2ebe5f.jartØValidates the requested SCOPE against SCOPE's that were registered for the client. It only issues SCOPE's that are a subset of the registered ones. It will fail if none match.tOTK SCOPE IssuingtOTK SCOPE Issuingp

    If you copy the base64 encoded value, you should get the same. If you decode, make changes, and encode again, your mileage will vary.

    At this point, there is no other way to represent custom assertion properties in policy (or Restman; or Graphman; since both just have a copy of the policy).



    ------------------------------
    Ben Urbanski
    Product Manager, API Gateway
    Layer7 API Management
    ------------------------------



  • 3.  RE: CustomAssertion details

    Posted Mar 22, 2023 10:37 AM

    Hi Ben,

     What I would like to know is how to decode it. Then I could create the XML, then encode it and use it in a policy.

     Is this possible?

     Thank you so much.




  • 4.  RE: CustomAssertion details

    Broadcom Employee
    Posted Mar 22, 2023 01:31 PM

    Hello Daniel,

    The base64 decoded value of the policy assertion is a serialized Java object. It's somewhat readable, but not reliably manipulated. We're going to look into providing a different representation of the custom assertion config (and probably an XML representation to be in line with how policy is otherwise represented), but we haven't concluded anything yet, or even prioritized this on our backlog.

    Regards,



    ------------------------------
    Ben Urbanski
    Product Manager, API Gateway
    Layer7 API Management
    ------------------------------
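
The replies above describe the policy value as base64 wrapping a serialized Java object; the sketch below inspects such a value by reading bytes only, without deserializing it. It is an added example, not code from the thread or from Layer7: the class name and serialVersionUID in the sample are constructed, and the scan is a heuristic rather than a full parser of the serialization grammar.

```python
import base64
import re
import struct

STREAM_MAGIC = 0xACED   # java.io.ObjectStreamConstants.STREAM_MAGIC
STREAM_VERSION = 5      # java.io.ObjectStreamConstants.STREAM_VERSION
TC_CLASSDESC = 0x72     # type code that opens a new class descriptor
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?\Z")


def decode_property_blob(b64_text: str) -> bytes:
    """Base64-decode the value (line wraps tolerated) and check the stream header."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    if len(raw) < 4 or struct.unpack(">HH", raw[:4]) != (STREAM_MAGIC, STREAM_VERSION):
        raise ValueError("not a Java serialization stream")
    return raw


def list_class_descriptors(raw: bytes) -> list[tuple[str, int]]:
    """Heuristic scan for class descriptors: (class name, serialVersionUID)."""
    found, pos = [], 4
    while (pos := raw.find(bytes([TC_CLASSDESC]), pos)) != -1:
        pos += 1
        if pos + 2 > len(raw):
            break
        (name_len,) = struct.unpack_from(">H", raw, pos)
        name = raw[pos + 2 : pos + 2 + name_len]
        end = pos + 2 + name_len + 8            # name is followed by an 8-byte UID
        if name_len and end <= len(raw) and CLASS_NAME.match(name):
            (suid,) = struct.unpack_from(">q", raw, pos + 2 + name_len)
            found.append((name.decode("ascii"), suid))
            pos = end                           # skip past the record just read
    return found


def constructed_sample() -> str:
    """Constructed input: one field-less object of a made-up class."""
    name = b"com.example.DemoHolder"            # hypothetical class name
    body = (
        struct.pack(">HH", STREAM_MAGIC, STREAM_VERSION)
        + b"\x73" + bytes([TC_CLASSDESC])       # TC_OBJECT, TC_CLASSDESC
        + struct.pack(">H", len(name)) + name
        + struct.pack(">q", 1234)               # constructed serialVersionUID
        + b"\x02\x00\x00"                       # SC_SERIALIZABLE, zero fields
        + b"\x78\x70"                           # TC_ENDBLOCKDATA, TC_NULL superclass
    )
    return base64.encodebytes(body).decode("ascii")
```

Listing the class names this way shows which assertion classes a policy export references before it is imported anywhere.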



  • 5.  RE: CustomAssertion details

    Posted Mar 30, 2023 03:28 AM

    If your custom assertion requires a parameter, one workaround would be to use a gateway cluster property or variable instead of actual values. This will allow migration across without the need to change or decode the base64 value and then will allow easy migration without the need to make any change to the base64 encoded value.




  • 6.  RE: CustomAssertion details

    Posted Apr 03, 2023 10:28 AM

    @Ronald Dsouza thanks for your solution, that's a great idea, but my custom assertion requires a stored password and uses a dropdown to select the stored password.


    Thanks.




  • 7.  RE: CustomAssertion details

    Posted Apr 04, 2023 11:30 AM

    Hi @Daniel A Pompa Vargas and @Ronald Dsouza

    You can access the password with the "String passw = customPolicyContext.expandVariable("${secpass.pass.plaintext}");" line in the checkRequest function, but you need to select "permit use via context variable reference" in the stored password configuration. 



    ------------------------------
    Regards,
    Mesut Yalcin - Senior Solution Engineer
    APIIDA AG - https://www.apiida.com
    ------------------------------