I want to configure fault handling on a VerifyJWT policy (as documented here) but the [prefix].[policy_name].failed variable seems to be null by the time the fault rule condition is checked.
Proxy configuration:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyJWT async="false" continueOnError="false" enabled="true" name="Verify-JWT-1">
  <DisplayName>Verify JWT-1</DisplayName>
  <Algorithm>RS256</Algorithm>
  <PublicKey>
    <Value ref="publicKey"/>
  </PublicKey>
</VerifyJWT>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
  <Description/>
  <FaultRules>
    <FaultRule name="JWT Policy Errors">
      <Step>
        <Name>error-message</Name>
        <Condition>(fault.name Matches "TokenExpired")</Condition>
      </Step>
      <Condition>jwt.Verify-JWT-1.failed=true</Condition>
    </FaultRule>
  </FaultRules>
  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>Verify-JWT-1</Name>
      </Step>
    </Request>
    <Response/>
  </PreFlow>
  <PostFlow name="PostFlow">
    <Request/>
    <Response/>
  </PostFlow>
  <Flows/>
  <HTTPProxyConnection>
    <BasePath>/test</BasePath>
    <Properties/>
    <VirtualHost>default</VirtualHost>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>
Passing in an expired token yields the correct variable in the VerifyJWT policy itself:
But it seems to be null when trying to evaluate the fault rule condition:
What am I missing here?
Thanks

