I have a requirement for a login service which utilizes Siteminder for Auth/Authz and I need to pass source IP from a gateway to Siteminder so that it can have it in the loggers.
As of now with a plain OOB feature, I am not seeing any sourceIP getting printed in Siteminder logs.
I need help on this from this community if this requirement can be achievable.
Are you looking for the client IP address in SMACCESS log? (Note: Client the made a request to the APIM server)
AzAccept MCQST02-U154484 [30/Sep/2015:12:28:20 -0400] "220.127.116.11 cn=AUser30,ou=APSUsers,dc=ca,dc=com" "lodsun30a-mysite GET /app2/index.html" [0000000000000000000000000a823a0b-4054-560c0d43-004d-83c02fb7]   
If so I have and open bug to have the clientIP always populated (which is not populated if IPCheck is not enabled on APIM side)
Targeted Release Number changed from null - next cr cycles
API Gateway v9.4.00 CR01
API Gateway v9.3.00 CR05
To get the ClientIP populate without a fix will turn on IP checking on the SSO side - not always wanted
Yes, this is absolutely what I am looking for. So you are confirming that this is going to be an enhancement in upcoming release?
Also for now if we want to fix it in the current release 9.3, do we have any patch for that ?
it would work OK if the ClientIP and IP in SMSESSION matched, however when a network devices or proxy is used with different IP (APIM and PS) policy Server (PS) will failed to validate with ip Checking
TO get around this upgrade of APIM is needed
API Gateway v9.4.00 CR01API Gateway v9.3.00 CR05
APIM put * in front of the ClientIP results Policy server not perform IPChecking - same flow as standard WebAgent