I know that the later versions of the XI50 firmware have the capability to "attach" or "apply" policy templates to a WSProxy (e.g., requiring signing).
I was wondering, when this capability is enabled/used (e.g., if one of the canned policies on the XI50 is "applied"), and if an incoming message doesn't "meet" the requirements configured for a WSProxy, does the "Policy" (e.g., a AAA Policy) associated with the WSProxy still get processed?
3 replies Latest Post - 2012-11-26T22:14:43Z by Sri_XI50
What happens if you apply WS-Security to a WSProxy?
SystemAdmin 110000D4XK 6772 Posts
Re: What happens if you apply WS-Security to a WSProxy? 2009-04-07T11:41:38Z in response to SystemAdmin
Hi,
For the record, I was able to configure a test setup that has a WS-Policy attachment on a WSProxy, and when the WS-Policy is set for "filter" (vs. "enforce"), it appears that the WSProxy rejects the message at that point, and processing does not proceed further (e.g., to a AAA Policy that I also had configured in the WSProxy).
zachahuy83 270000S43X 45 Posts
Re: What happens if you apply WS-Security to a WSProxy? 2012-11-22T02:36:29Z in response to SystemAdmin
Hi,
What firmware version are you using? I am currently using 220.127.116.11 and it is set up to enforce, but it rejects right away. Here is the log:
0x00d30003 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter; SOAP fault sent
0x80c00008 wsgw (WSP_COImmunization_WSPOLICYTest): rule (WSP_COImmunization_WSPOLICYTest_default_request-rule): implied action Calling rule var://service/wspolicy/service/configname with input INPUT and output INPUT failed: Rejected by policy.
0x80c00009 wsgw (WSP_COImmunization_WSPOLICYTest): request service_38_2-req #2 filter: 'INPUT store:///dp/required-encrypted-element.xsl' failed: Rejected by policy.
0x80c00078 wsgw (WSP_COImmunization_WSPOLICYTest): Rejected by filter 'service_38_2-1-check-original-msg-request-rule' of rule 'service_38_2-req'.
0x80c00010 wsgw (WSP_COImmunization_WSPOLICYTest): Execution of 'store:///dp/required-encrypted-element.xsl' aborted: Rejected by policy.
0x8060020d wsgw (WSP_COImmunization_WSPOLICYTest): Message is not encrypted
0x80c0004e wsgw (WSP_COImmunization_WSPOLICYTest): Stylesheet URL to compile is 'store:///dp/required-encrypted-element.xsl'
0x80c00002 wsgw (WSP_COImmunization_WSPOLICYTest): rule (service_38_2-req): #1 setvar: 'setting var://service/strict-error-mode in context INPUT to be 1' completed OK.
Sri_XI50 270005RBF6 23 Posts
Re: What happens if you apply WS-Security to a WSProxy? 2012-11-26T22:14:43Z in response to zachahuy83
Hi,
I have one question on the message that gets rejected.
Assume that the message didn't meet the criteria set in the policy and was set to reject. We can give some custom string to show up in the SOAP fault. But is there a way to control the SOAP fault? I mean, if I want to return a SOAP fault with some name and code in it, can I do that?