FreeKB - Error in Assertion Processing 601
CA Technologies API Gateway - Error in Assertion Processing 601

Error 601 typically means there is some problem routing a request to a backend application or service. If this is happening across multiple policies that are routing to different applications or services, this suggest a network issue.

Problem routing to

If this is only occurring with a specific service, check for event "problem routing to" on the Associated Logs tab in the Gateway Audit Log.Typically the routing is the last thing that is being done in a policy.  When "problem routing to" is caught in the Associated Log, this means the request made it through all of the API Gateway security checks, but there was a problem routing the request to the backend application or service. The "problem routing to" event may identify the issue (network issue, application issue, certificate not trusted, et cetera).


Read timed out

Read timed out means that the backend service is not responding in a timely manner. Check the backend service for errors in the logs.


Connection refused

If you see “Connection Refused”, there may be some issue with the URL being used to route the request to the backend application or service. For example, let’s say requests are being routed to

  • Protocol: The protocol may need to be HTTP or HTTPS. 
  • Hostname: Using nslookup, ensure the host name can be resolved to an IP address. Also ensure that the application or service exists on the server that the host name resolves to.
  • Port: The port will need to be open on the target server - this usually means checking the web or application server the request is being routed to.
  • Context root: The context root, such as /enterprise/sample, does not always need to match the context root of the service. The developer should be able to provide you with the valid context root.

If there is an issue with the URL being used to route the requests to the backend application or service, events will not be written to the application server logs, such as SystemOut.log (WebSphere), catalina.log (Tomcat), or mule_ee.log (Mule), as the API Gateway is not able to establish a connection to the application server.

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 6d074 in the box below so that we can be sure you are a human.