Hello everyone,
with Layer7 I have created policies / api that use the siteminder SMSESSION as authentication / authorization. (eg the smession is passed in the header as if it were an "api key"). In this way on the Layer7 side I can understand the identity of the user (I use sso authentication and authorizzation assertion) and possibly call some TEWS [broadco iga] tasks "on behalf the user" passing the smsession as cookie.
But now I have an application that is federated (always with siteminder) with OpenID Connect. In this case I don't have the smsession.
I thought that I could somehow pass it in the json, but this does not work because in the meantime that you use it, smsession could be "expired".
Do you have any suggestions on how I could handle this situation?
Thanks in advance