When trying to authenticate through AuthAzWS from CA API Gateway, the Access Gateway does not respond.
When the request is made directly from a web browser, it works. The issue is happening in the Access Gateway.
Working:
browser -> Access Gateway/AuthAzWs
SOAPUI -> Access Gateway/AuthAzWs
Not working:
SOAPUI -> API Gateway -> Access Gateway/AuthAzWs
The normal sequence of events for Basic UN/PW Authentication is actually two requests and responses if using a browser :
Access Gateway: Release: 12.8
OS: CENTOS 7
API Gateway 9.2
4) Fix API Gateway forward rule.
We add the Cookie:SMCHALLENGE=YES header to the requests from the gateway.
The way to debug differences between a working and a not-working scenario, which often comes up when direct access works but access via a proxy does not, is to compare the two requests as they are received at the backend server. In this case the requests were in cleartext, so a tcpdump or Wireshark trace captures the relevant information.
Our diagnostic process was as follows :
1) Wireshark trace and compare.
We captured a tcpdump on the SPS/Access Gateway machine for the direct (success) and via-Gateway (failure) cases and compared them.
We see that when going direct, SOAPUI sends the first request without credentials. A 401 response is received, with Set-Cookie SMCHALLENGE=YES.
SOAPUI then sends a second request, this time with the credentials, and it also includes the Cookie: SMCHALLENGE=YES header. The request is authenticated and returns the correct result.
We see that via API Gateway, the Gateway preemptively sends the Authenticate: header, and this results in an error returned from SPS/AG.
2) Simulate error in SOAPUI (direct)
We change SOAPUI to preemptively send the Authenticate: header (there is a setting when entering the auth UN/PW). We find that the direct request from SOAPUI then gives the same error that we get when we go via API Gateway.
3) Simulate 2nd POST.
We then work on SOAPUI to simulate the 2nd POST. The main issue is that the 2nd POST contains the Cookie:SMCHALLENGE=YES header.
So we change SOAPUI to send the SMCHALLENGE=YES cookie and to preemptively send the Authenticate: header.
And this works, so we have our solution to apply to requests via API Gateway.
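The request comparison from step 1 can be scripted once both requests have been extracted from the trace. The following is an added example, not part of the original article: it diffs the headers and cookies of a working and a failing request and flags credentials sent without the SMCHALLENGE=YES cookie. The sample requests, host names, path and the `Via` header are constructed placeholders, and it assumes the credentials travel in the standard HTTP Basic `Authorization` header.

```python
# Constructed sample requests; host, path, Via and credentials are placeholders.
DIRECT_OK = (
    "POST /PLACEHOLDER-PATH HTTP/1.1\r\n"
    "Host: accessgw.example.test\r\n"
    "Authorization: Basic dXNlcjpwYXNz\r\n"
    "Cookie: SMCHALLENGE=YES\r\n\r\n"
)
VIA_GATEWAY_FAIL = (
    "POST /PLACEHOLDER-PATH HTTP/1.1\r\n"
    "Host: accessgw.example.test\r\n"
    "Via: 1.1 apigw.example.test\r\n"
    "Authorization: Basic dXNlcjpwYXNz\r\n\r\n"
)

def parse_request(raw):
    """Return {lowercased header name: value} for one cleartext HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def cookies(headers):
    """Split the Cookie request header into a name -> value dict."""
    parts = [c.partition("=") for c in headers.get("cookie", "").split(";") if c.strip()]
    return {name.strip(): value.strip() for name, _, value in parts}

def diff_requests(working, failing):
    """Report header and cookie differences as the backend sees them."""
    w, f = parse_request(working), parse_request(failing)
    return {
        "missing_in_failing": sorted(set(w) - set(f)),
        "extra_in_failing": sorted(set(f) - set(w)),
        "changed": sorted(k for k in set(w) & set(f) if w[k] != f[k]),
        "missing_cookies": sorted(set(cookies(w)) - set(cookies(f))),
    }

def preemptive_without_challenge(raw):
    """True when credentials are present but Cookie: SMCHALLENGE=YES is not."""
    h = parse_request(raw)
    return "authorization" in h and cookies(h).get("SMCHALLENGE") != "YES"

if __name__ == "__main__":
    print(diff_requests(DIRECT_OK, VIA_GATEWAY_FAIL))
    print(preemptive_without_challenge(VIA_GATEWAY_FAIL))
```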