Security hash only calculated on original request?

Discussion created by svvoorn on Oct 27, 2017

Hi all,

On our api gateway* Version 9.1 I want to add an HMAC-MD5 hash value to a processing instruction in a active request Then the request will be routed to a backend service.

I added the processing instruction using a xsl transformation and then use the generatesecurityhash_assertion

Somehow this doesn't work, because the securityhash is not calculated over the request with new processing instruction, but over the original request.mainpart. 
Even when I set a new context variable to the request.mainpart (which has to be of message type), use the XSLT on this and generate the securityhash it still uses the original requestvalue.


I wonder if this hould work in this way....?

Or is it a bug?


The only solution to this behaviour I see is to send the request with processing instruction to a new internal policy which will calulate the hash. 

But is this the way to do it?

With this I have 2 policies who are depending of each other..  Not what I want really...


Sebastian van Voorn.