Require XPath Credentials Assertion

The Require XPath Credentials assertion looks for a login (user name) and password in the current request using a pair of XPath expressions. If the target credentials are found in the message, then the Gateway sets the current request's credentials using the contents of the elements described by the XPath expressions and optionally removes the original elements from the request.
gateway90
The
Require XPath Credentials
assertion looks for a login (user name) and password in the current request using a pair of XPath expressions. If the target credentials are found in the message, then the Gateway sets the current request's credentials using the contents of the elements described by the XPath expressions and optionally removes the original elements from the request.
In order to use the Require XPath Credentials assertion, both a user name and password must be configured for the identity or identities in the policy. For more information, see the Authenticate User or Group Assertion.
To learn about selecting the target message for this assertion, see Selecting a Target Message.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Adding an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the
    XPath Credentials Properties
    automatically appear; when modifying the assertion, right-click
    <target>:
    Require XPath Credentials...
    in the policy window and select
    XPath Credentials Properties
    or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows:
    Setting
    Description
    Login XPath Expression
    The XPath 1.0 expression that will locate the element containing the login ID or user name. The default expressions is:
    /s:Envelope/s:Body//Username
    (SOAP)
    //Username
    (non-SOAP)
    Click [
    Edit XPath
    ] if you need to select another expression. For more information, see Selecting an XPath.
    Before constructing XPath expressions for the login/user name and password elements, consult the service's namespace map to view and choose the appropriate namespace prefixes. To access the map, click [
    Edit Namespaces
    ] while selecting an XPath to see the default namespaces and prefixes.
    Remove Login from request if found
    Select this check box to have the Gateway remove the element containing the login/user name value from the request message. Use this option when credentials must be authenticated by the Gateway but not communicated to the protected service.
    A request message will never expose login information if the message uses context variables to hold a user's credentials. Thus, login information will not be exposed regardless of whether the
    Remove Login from request if found
    check box is selected.
    Password XPath Expression
    The XPath 1.0 expression that will locate the element containing the password. The default is:
    /s:Envelope/s:Body//Password
    (SOAP)
    //Password
    (non-SOAP)
    Click [
    Edit XPath
    ] to construct this expression. For more information, see Selecting an XPath.
    Remove Password from request if found
    Select this check box to have the Gateway remove the element containing the password value from the request message, but save the credentials in memory.
    For greater flexibility, you may reference context variables in an XPath expression. For more information, see Context Variables for XPaths.
  4. If necessary, click [
    Namespaces
    ] to edit the namespace map.
  5. Click [
    OK
    ]
    when done.