Layer7 API Management

  • 1.  Source IP from APIGateway to Siteminder

    Posted Jan 07, 2019 07:08 AM

    Hi All,

     

    I have a requirement for a login service which utilizes Siteminder for Auth/Authz and I need to pass source IP from a gateway to Siteminder so that it can have it in the loggers. 

     

    As of now with a plain OOB feature, I am not seeing any sourceIP getting printed in Siteminder logs.

     

    I need help on this from this community if this requirement can be achievable. 

     

    Regards

    Ashutosh



  • 2.  Re: Source IP from APIGateway to Siteminder
    Best Answer

    Broadcom Employee
    Posted Jan 13, 2019 09:18 PM

    Are you looking for the client IP address in the SMACCESS log? (Note: the client that made a request to the APIM server)

     

    Example:

    AzAccept MCQST02-U154484 [30/Sep/2015:12:28:20 -0400] "138.42.187.163 cn=AUser30,ou=APSUsers,dc=ca,dc=com" "lodsun30a-mysite GET /app2/index.html" [0000000000000000000000000a823a0b-4054-560c0d43-004d-83c02fb7] [0]  [] []

     

     

    If so, I have an open bug to have the clientIP always populated (which is not populated if IPCheck is not enabled on the APIM side)

     

    DE388060

    Targeted Release Number changed from null - next cr cycles

    API Gateway v9.4.00 CR01

    API Gateway v9.3.00 CR05

    Getting the ClientIP populated without a fix requires turning on IP checking on the SSO side - not always wanted

     

    APIM SSO Config
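
An added example, not part of the original thread and not Broadcom code: a small parser for the access-log line quoted in the reply above, used to flag entries that were logged without a client IP. The field layout is inferred from that single sample line, and the second sample line, the function names and the empty-IP form are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Assumed layout, inferred from the one sample line in the thread:
# event host [timestamp] "clientip userdn" "agent action resource" [txn] ...
LINE_RE = re.compile(
    r'^(?P<event>\S+)\s+(?P<host>\S+)\s+\[(?P<ts>[^\]]*)\]\s+'
    r'"(?P<who>[^"]*)"\s+"(?P<what>[^"]*)"\s+\[(?P<txn>[^\]]*)\]'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # First quoted field is "<client ip> <user DN>"; the IP may be absent.
    first, _, rest = rec.pop("who").partition(" ")
    try:
        rec["client_ip"] = str(ip_address(first))
        rec["user"] = rest
    except ValueError:
        rec["client_ip"] = None
        rec["user"] = f"{first} {rest}".strip()
    rec["agent"], _, rec["request"] = rec.pop("what").partition(" ")
    return rec

def missing_client_ip(lines):
    """Return (line_number, record) for parsed entries without a client IP."""
    out = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is not None and rec["client_ip"] is None:
            out.append((n, rec))
    return out

SAMPLE = [
    # Line quoted in the thread.
    'AzAccept MCQST02-U154484 [30/Sep/2015:12:28:20 -0400] '
    '"138.42.187.163 cn=AUser30,ou=APSUsers,dc=ca,dc=com" '
    '"lodsun30a-mysite GET /app2/index.html" '
    '[0000000000000000000000000a823a0b-4054-560c0d43-004d-83c02fb7] [0]  [] []',
    # Constructed line: same layout with the client IP left empty (assumed form).
    'AzAccept gw-example [07/Jan/2019:07:08:00 +0000] '
    '" cn=AUser30,ou=APSUsers,dc=ca,dc=com" '
    '"gw-agent GET /login" [constructed-txn-id] [0]  [] []',
]

if __name__ == "__main__":
    for n, rec in missing_client_ip(SAMPLE):
        print(f"line {n}: no client IP for {rec['user']} via {rec['agent']}")
```

Run over a real log, the count of flagged entries before and after applying the CR shows whether the client IP is now being populated.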

     



  • 3.  Re: Source IP from APIGateway to Siteminder

    Posted Jan 15, 2019 02:48 AM

    Yes, this is absolutely what I am looking for. So you are confirming that this is going to be an enhancement in upcoming release?

     

    Also, for now, if we want to fix it in the current release 9.3, do we have any patch for that?

     

    Best Regards

     

    Ashutosh Singh



  • 4.  Re: Source IP from APIGateway to Siteminder

    Broadcom Employee
    Posted Jan 14, 2019 12:08 PM

    It would work OK if the ClientIP and the IP in SMSESSION matched; however, when a network device or proxy is used with a different IP (APIM and PS), the Policy Server (PS) will fail to validate with IP checking.

     

    To get around this, an upgrade of APIM is needed:

    API Gateway v9.4.00 CR01
    API Gateway v9.3.00 CR05

    APIM puts * in front of the ClientIP, which results in the Policy Server not performing IP checking - same flow as the standard WebAgent.