Layer7 API Management

Hi,

I want to know how can i handle session using cookies in CA API Gateway(Layer7) Level.

Consider i don't have siteminder , I m just using standalone Software gateway 9.1 

USE CASE :

Consider my Request Information is like this,

Layer 7 Request URL :  https://l7host.com/listofproduct 

Method : GET,POST

security : Basic Authentication (username , password)

Another  Layer7 Request URL: "http://l7host.com/product/xyz"

Method: GET,POST

Security : Basic Authentication (username , password)

Now my use case is, i want if a user is Authenticated once using basic authentication , other API should not ask me for Authentication again.

this is considering only a rich client application(web based) is accessing my APIs which are capable of handling cookies.

Questions:

1. How can i do basic authentication from external Ldap(already configured) and store cookie after successful authentication, and if not prompt for basic authentication. 

2.  how can i handle the cookies using assertion across the different policies (APIs) , so that if a user already authenticated he not need to be authenticate again and cookies transfers across the different APIs .

Hi, 

If I understand you question correctly, you want to have "SSO" across your Layer7 projects? 

I assume you are working with same LDAP directory in all these service, right? 

When user prompted with username\password, and passes authorization, you can try to use Manage Cookie asseriton, add cookie, and in other service you will "Require a Cookie" assertion to pull the cookie up. Since your domain remains the same, no problem with CORS or cookie domain will occur... So basically one of your service will ask for user\pass, generate cookie, and others will look for that cookie. I will also check this in my environment if my suggestion correct .

Denis 

Hello Denis,

yes you get it right , and yes LDAP Directory is same for all services.

now i had tried the same logic as you mentioned but it didn't work for me,I used manage cookie after successful authentication but it didn't set any cookies in Client(browser i am using ).

Can you please tell me the API steps. so i can test.

Apurva,

Depending on how the manage cookie is setup it will need to be attached to the response message otherwise it will not be sent back or if you use the template response with Send Response immediate checked will ignore the add header or cookie.

Sincerely,

Stephen Hughes

Director, CA Support

Apurva,

Did the last post help you resolve the issue?

Sincerely,

Stephen Hughes

Director, CA Support

Hi Apoorva,

After authentication in response are able to see the cookie in the browser?

Also can you share the sample policy on what you have done so that I can help you?

Thank You

Sampath Kumar

Hi Stephen,

How about storing cookie in Gateway level (as in how browser is using cookie), is this a feature?

Regards,

Rofans Manao

Rofans,

You could use the cache or tactical remote cache assertion to store the cookie for reuse later. If the client is not traversing through the same gateway then you will need to use the remote cache to work between nodes.

Sincerely,

Stephen Hughes

Director, CA Support