CA API Gateway 9.1

9.4 9.1

Validate SOAP Attachments Assertion

The Validate SOAP Attachments assertion allows you to validate the size and MIME type of incoming SOAP attachments. The assertion will fail under any of the following conditions:
gateway90
The
Validate SOAP Attachments
assertion allows you to validate the size and MIME type of incoming SOAP attachments. The assertion will fail under any of the following conditions:
  • the request message does not contain an attachment
  • the request message contains an attachment that was not declared in the WSDL
  • the attachment is too large
  • the attachment is declared an MIME Content-Type different from the expected type
  • a signature is required but not present for the attachment.
You can optionally require that the attachment be signed (not available in the XML Datascreen version of the Gateway).
The Validate SOAP Attachments assertion supports the W3C
SOAP Messages with Attachment
 standard as outlined in www.w3.org/TR/2000/NOTE-SOAP-attachments-20001211, and the
OASIS Web Services Security SOAP Messages with Attachment (SwA) Profile 1.0 (Committee Draft)
 for signed attachments.
(1) You cannot use the Validate SOAP Attachments assertion with XML applications. (2) If a signature is required for an attachment, one of the following assertions must precede the SOAP Request with Attachment assertion: Require WS-Security Signature Credentials, Require WS-Secure Conversation, Require SAML Token Profile, Require Encrypted UsernameToken Profile Credentials, or Require WS-Security Kerberos Token Profile Credentials.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click 
    Validate SOAP Attachments 
    in the policy window and select 
    SOAP Attachment Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
    The 
    Binding
    Operations
    , and 
    Input Parameters
     corresponding to one or more attachments are automatically populated from the web service WSDL document.
    If no attachments are present or your service is not capable of supporting attachments, then nothing will appear in the properties dialog.
  3. From the 
    Binding
     drop-down list, select the binding that contains the attachment. The operation(s) belonging to the binding appear under 
    Operations.
  4. From the 
    Operations
     list, select the operation that contains the attachment(s). The following information is displayed in the 
    Input Parameters
     grid. 
    Column
    Description
    Parameter Name
    Name of the input parameter for the attachment.
    MIME Part Content Type
    The Content-Type is retrieved from the WSDL document. If it is not correct, click [
    ...
    ] to change it.
    MIME Part Length Max
    Set to default size of 1000 KB by the Gateway. Modify as necessary.
    Require Signature
    Select this check box to require that the attachments be signed. This option does not apply to the XML Datascreen version of the Gateway.   
    WARNING: Signatures with attachments cannot be verified when the message is save as part of auditing, as the signed attachment is not saved. Modifying an attachment will most likely break the signature of the attachment.
    Multiple attachments per input parameter are also supported. In this case, the total size of the attachments being referred to by the input parameter cannot exceed the value of the MIME Part Length Max column value corresponding to the input parameter.
  5. Click [
    OK
    ]
     
    when done.

Content feedback and comments