Layer7 API Management

Expand all | Collapse all

Gateway authorizing on CA SSO session cookies

  • 1.  Gateway authorizing on CA SSO session cookies

    Posted 03-02-2017 04:27 PM

    Can the API Gateway authorize a transaction with a SiteMinder (Single Sign-On) session cookie that was generated on a separate webserver, assuming the webserver is a component of the same Single Sign-On infrastructure as the API Gateway?

     

    I seem to be able to authorize via SiteMinder using cookies that were generated on the gateway, but the gateway is not authorizing SiteMinder cookies that are generated at a set of centralized login servers. In fact, even though I see a "Not Authorized!" message at the gateway, I do not see an isAuthorized call or AZReject at the Policy Server, in the SMPS trace logs.

     

    Any help would be appreciated.

     

    Thanks,

     

    Josh



  • 2.  Re: Gateway authorizing on CA SSO session cookies

    Posted 04-21-2017 05:37 PM

    Josh,

     

    Good afternoon. You should be able to use SSO Token created from any siteminder environment that the Gateway is registered to be apart of. I know we have seen issues with ensuring that the Cookie is not truncated: Session cookies ending in an equal sign (=) are truncated by the API Gateway

     

    Please let me know if the link fixes the problems.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support