Layer7 API Management


Cookie handling for session establishment in CA API Gateway

  • 1.  Cookie handling for session establishment in CA API Gateway

    Posted 09-09-2016 05:52 AM

    Hi,

     

    I want to know how I can handle sessions using cookies at the CA API Gateway (Layer7) level.

    Consider that I don't have SiteMinder; I'm just using the standalone Software Gateway 9.1.

     

    USE CASE :

     

    Consider my Request Information is like this,

     

    Layer 7 Request URL :  https://l7host.com/listofproduct 

    Method : GET,POST

    security : Basic Authentication (username , password)

     

    Another  Layer7 Request URL: "http://l7host.com/product/xyz"

    Method: GET,POST

    Security : Basic Authentication (username , password)

     

    Now my use case is: if a user is authenticated once using basic authentication, the other APIs should not ask me for authentication again.

     

    This is considering that only a rich client application (web based), which is capable of handling cookies, is accessing my APIs.

     

    Questions:

     

    1. How can I do basic authentication against an external LDAP (already configured) and store a cookie after successful authentication, and if not, prompt for basic authentication?

    2. How can I handle the cookies using assertions across the different policies (APIs), so that if a user is already authenticated they do not need to authenticate again and the cookies transfer across the different APIs?

     

     



  • 2.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 09-11-2016 10:12 AM

    Hi, 

    If I understand your question correctly, you want to have "SSO" across your Layer7 projects?

    I assume you are working with the same LDAP directory in all these services, right?

     

    When the user is prompted for username\password and passes authorization, you can try to use the Manage Cookie assertion to add a cookie, and in the other services you will use the "Require a Cookie" assertion to pull the cookie up. Since your domain remains the same, no problem with CORS or cookie domain will occur... So basically one of your services will ask for user\pass and generate the cookie, and the others will look for that cookie. I will also check in my environment whether my suggestion is correct.

     


    Denis 



  • 3.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 09-12-2016 08:18 AM

    Hello Denis,

     

    Yes, you got it right, and yes, the LDAP directory is the same for all services.

     

    Now, I had tried the same logic as you mentioned, but it didn't work for me. I used Manage Cookie after successful authentication, but it didn't set any cookies in the client (the browser I am using).

     

    Can you please tell me the API steps so I can test?



  • 4.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 09-16-2016 11:52 AM

    Apurva,

     

    Depending on how the Manage Cookie is set up, it will need to be attached to the response message, otherwise it will not be sent back; or, if you use the template response with Send Response immediate checked, it will ignore the added header or cookie.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support
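
    The flow discussed in the replies above (Basic authentication once, a cookie attached to the response, later requests accepted on the cookie alone), as an added example that is not part of any post and is not CA API Gateway policy or assertion code. It is a plain Python stand-in; the cookie name, signing key, user table (in place of the LDAP bind) and function names are all assumptions.

```python
import base64, hashlib, hmac
from http.cookies import SimpleCookie

KEY = b"constructed-demo-key"        # assumption: secret shared by every gateway node
USERS = {"alice": "s3cret"}          # constructed stand-in for the LDAP bind
NAME, TTL = "gw_session", 900        # hypothetical cookie name, 15-minute lifetime

def _sign(payload: str) -> str:
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()

def check_basic(header: str):
    """Return the username if the Authorization header holds valid Basic credentials."""
    try:
        scheme, blob = header.split(" ", 1)
        user, _, pw = base64.b64decode(blob).decode().partition(":")
    except ValueError:               # missing header, bad base64, bad UTF-8
        return None
    ok = (scheme.lower() == "basic" and user in USERS
          and hmac.compare_digest(USERS[user].encode(), pw.encode()))
    return user if ok else None

def issue_cookie(user: str, now: float) -> str:
    """Build the Set-Cookie value; it only reaches the client on the response."""
    payload = f"{user}|{int(now) + TTL}"
    token = payload.encode().hex() + "." + _sign(payload)
    return f"{NAME}={token}; Path=/; Secure; HttpOnly; SameSite=Lax"

def verify_cookie(cookie_header: str, now: float):
    """Return the username for an untampered, unexpired session cookie, else None."""
    jar = SimpleCookie(cookie_header)
    if NAME not in jar:
        return None
    try:
        raw, sig = jar[NAME].value.split(".", 1)
        payload = bytes.fromhex(raw).decode()
        user, expiry = payload.rsplit("|", 1)
    except ValueError:
        return None
    # Signature is checked first, so expiry is only parsed for tokens we issued.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()) or int(expiry) < now:
        return None
    return user

def handle(headers: dict, now: float):
    """Same check on every API path: session cookie first, Basic as fallback."""
    if verify_cookie(headers.get("Cookie", ""), now):
        return 200, {}
    user = check_basic(headers.get("Authorization", ""))
    if user:
        return 200, {"Set-Cookie": issue_cookie(user, now)}
    return 401, {"WWW-Authenticate": 'Basic realm="gateway"'}
```

    Because the cookie carries the Secure attribute, a browser returns it only over HTTPS, so every API that relies on it has to be reached over https.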



  • 5.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 09-21-2016 03:49 PM

    Apurva,

     

    Did the last post help you resolve the issue?

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 6.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 10-10-2016 05:52 AM

    Hi Apoorva,

     

    After authentication, are you able to see the cookie in the response in the browser?

    Also, can you share the sample policy showing what you have done so that I can help you?

     

    Thank You

    Sampath Kumar



  • 7.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 11-18-2016 02:03 AM

    Hi Stephen,

     

    How about storing the cookie at the Gateway level (as in how a browser uses cookies)? Is this a feature?

     

    Regards,

    Rofans Manao



  • 8.  Re: Cookie handling for session establishment in CA API Gateway

    Posted 11-30-2016 03:44 PM

    Rofans,

     

    You could use the cache or tactical remote cache assertion to store the cookie for reuse later. If the client is not traversing through the same gateway then you will need to use the remote cache to work between nodes.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support