Layer7 API Management

  • 1.  Gateway authorizing on CA SSO session cookies

    Posted Mar 02, 2017 04:27 PM

    Can the API Gateway authorize a transaction with a SiteMinder (Single Sign-On) session cookie that was generated on a separate webserver, assuming the webserver is a component of the same Single Sign-On infrastructure as the API Gateway?

    I seem to be able to authorize via SiteMinder using cookies that were generated on the gateway, but the gateway is not authorizing SiteMinder cookies that are generated at a set of centralized login servers. In fact, even though I see a "Not Authorized!" message at the gateway, I do not see an isAuthorized call or AZReject at the Policy Server, in the SMPS trace logs.

    Any help would be appreciated.

    Thanks,

    Josh



  • 2.  Re: Gateway authorizing on CA SSO session cookies

    Broadcom Employee
    Posted Apr 21, 2017 05:37 PM

    Josh,

    Good afternoon. You should be able to use an SSO token created from any SiteMinder environment that the Gateway is registered to be a part of. I know we have seen issues with ensuring that the cookie is not truncated: Session cookies ending in an equal sign (=) are truncated by the API Gateway

    Please let me know if the link fixes the problems.

    Sincerely,

    Stephen Hughes

    Director, CA Support