(Non-SOAP) Decrypt XML Element Assertion

The (Non-SOAP) Decrypt XML Element assertion is used to immediately decrypt one or more EncryptedData elements in an XML message (either request, response, or a message context variable). This assertion is intended only for messages not contained within a SOAP envelope. (Advanced technical users may use it on SOAP messages, with the knowledge that the resulting decorated message will almost certainly not be WS-Security compliant.)
The (Non-SOAP) Decrypt XML Element assertion is intended to decrypt elements that were encrypted using the (Non-SOAP) Encrypt XML Element assertions.
Context Variables Created by This Assertion
The (Non-SOAP) Decrypt XML Element assertion sets the following context variables with details of the decryption.
The <prefix> is set in the assertion properties and is optional. There is no default.
Variable                          Description
<prefix>.elementsDecrypted        Lists the elements that were decrypted.
<prefix>.encryptionMethodUris     Lists the encryption methods used.
<prefix>.recipientCertificates    Lists the recipient certificates used in the encryption.
All three multivalued variables always have exactly the same number of values, with the encryptionMethodUris and recipientCertificates variables containing duplicate values as required to ensure that the encryption method and certificate for elementsDecrypted[N] can always be found at encryptionMethodUris[N] and recipientCertificates[N], respectively (where 'N' is a nonnegative integer).
To learn about selecting the target message for this assertion, see Select a Target Message.
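The index alignment described above can be modelled outside the gateway. The following Python sketch is an added example, not Layer7 code and not part of the product: it selects xenc:EncryptedData elements with an XPath, builds index-aligned lists in the same shape as elementsDecrypted[N] and encryptionMethodUris[N] (duplicates kept), and flags entries whose method is not on an allow-list. The sample message, the function names, and the allow-list are constructed assumptions; nothing is decrypted.

```python
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#"}

# Assumed local policy (not a gateway default): accept AES-GCM only.
ALLOWED_METHODS = {
    "http://www.w3.org/2009/xmlenc11#aes128-gcm",
    "http://www.w3.org/2009/xmlenc11#aes256-gcm",
}

# Constructed sample message; the cipher values are dummies.
SAMPLE = """<order xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptedData Id="card">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <note>plain text element</note>
  <xenc:EncryptedData Id="ssn">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="addr">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
    <xenc:CipherData><xenc:CipherValue>CCCC</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</order>"""

def collect(xml_text, xpath=".//xenc:EncryptedData"):
    """Return index-aligned (ids, method_uris) for each element the XPath selects."""
    # ElementTree is adequate for this constructed input; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    ids, uris = [], []
    for enc in root.findall(xpath, NS):
        method = enc.find("xenc:EncryptionMethod", NS)  # optional in the schema
        ids.append(enc.get("Id"))
        uris.append(method.get("Algorithm") if method is not None else None)
    return ids, uris

def audit(ids, uris, allowed=ALLOWED_METHODS):
    """Return (N, id, uri) for every index whose method is missing or not allowed."""
    if len(ids) != len(uris):
        raise ValueError("lists are not index-aligned")
    return [(n, ids[n], uris[n]) for n in range(len(ids)) if uris[n] not in allowed]

if __name__ == "__main__":
    for finding in audit(*collect(SAMPLE)):
        print("disallowed encryption method at index %d: %s (%s)" % finding)
```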
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click <target>: (Non-SOAP) Decrypt XML Element [XPath] in the policy window and select (Non-SOAP) XML Element Decryption Properties or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Click [Edit XPath] to specify the xenc:EncryptedData element(s) to verify. For more information, see Select an XPath.
  4. Optionally enter a prefix to be added to the context variables created by this assertion. A prefix is required if this assertion appears more than once in a policy to prevent variable values from being overwritten.
    The on-screen validator will warn you if there are any issues with the prefix name.
  5. Click [OK].