Identify consumers by XPath. Will Mediator remove WSS heade when executing this policy action?

Chi_Ping_Terry_Yu · November 26, 2012, 5:23pm

I have a run time policy that identifies a consumer by a custom token using XPath. My goal is to identify the username token in the WSS security header against the user identifier I specified in a consumer application asset. The XPath expression appears working fine. I am just curious if Mediator will remove the WSS security elements when executing this policy action. As I know, the other policy action (identify consumers by WSS) removes the WSS security elements before forwarding a SOAP request to a native service. I do not want this same behavior when using the XPath approach. I would appreciate it if anyone can share their experience with me…

Thanks,
Terry

Gerald_Ristow · November 26, 2012, 5:40pm

Hi Terry,

I think in CentraSite 8.2, the WSS headers are removed by CentraSite if a corresponding runtime policy is defined. However, in order to double-check, please use two HTTP sniffers, like tcpmon, in order to examine the traffic.

Kind regards,
Gerald

Chi_Ping_Terry_Yu · November 26, 2012, 10:11pm

Gerald,

Good news! I did some tests and proved that this policy action does not remove the WSS security elements from a SOAP request in Mediator.

Thanks,
Terry