API Gateway with SSO Integration not receiving SSO LDAP user additional Attribution attribute information smcontext header

Article ID: 130675

Updated On: 04-29-2025

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

Enriched LDAP user attribute information that the SSO server explicitly sends in its response is not received by the Gateway, either as HTTP headers or as smcontext attributes.

The assertion returns valid responses for successfully authenticated users. However, the HTTP headers carrying the additional attributes that the SSO server provides are not received.

Environment

Gateway 9.4

Resolution

Support tested that an SSO response can be tied to a RULE, to an OnAccept rule (AU), or to an OnAccess rule (AZ).

In the SSO AdminUI, three LDAP attributes were configured as responses and included in a response group (GRP). Example user attribute response: MyTelephoneNumber=<%userattr="TelephoneNumber"%>  (LDAP attribute name = TelephoneNumber)

Details of the Response configuration:

Grouping of all the responses into a response group (optional):
In the SSO AdminUI policy, create a RULE (NOTE: it must use the same resource and agentname that the CA Single Sign-On Check Protected Resource assertion uses)

SSO REALM/RULE protected resource /validate1 with agentname example

Responses tied to the RULE

In the APIM Policy Manager, configure IsProtect using the same resource and agentname

In the policy, set context variables as follows:
${siteminder.smcontext.attributes.mobile}
${siteminder.smcontext.attributes.HomePhone}
${siteminder.smcontext.attributes.TELEPHONENUMBER}

Example:
Template Response Properties:
Customer ATTR:
Rule-User LDAP Object TelePhoneNumber#: ${TelephoneNumber-rule}
OnAccept-User LDAP Object HomePhone#: ${HomePhone-au}
OnAccess-User LDAP Object Mobile#: ${mobile-az}

Results:
Customer ATTR:
Rule-User LDAP Object TelePhoneNumber#: xxx-xxx-xxxx, xxx-xxx-yyy
OnAccept-User LDAP Object HomePhone#: yyy-yyyy
OnAccess-User LDAP Object Mobile#: zzz-zzz-zzzz
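The chain the resolution relies on is: the SSO response definition names an LDAP attribute, the SSO server evaluates it for the authenticated user, and the Gateway then sees the result under siteminder.smcontext.attributes.<ResponseName>. The following added Python example is a constructed simulation of that chain and is not SiteMinder or API Gateway code; the sample user entry, the response definitions, the case-insensitive attribute matching and the "omit the response when the attribute is absent" behaviour are all assumptions made for the illustration. It reproduces the page's multi-valued TelephoneNumber result and shows what an unpopulated response (here a hypothetical Pager attribute) looks like on the Gateway side: an empty context variable rather than an error.

```python
import re
from typing import Dict, List, Sequence

# Constructed sample LDAP user entry for illustration (not real data).
# Multi-valued LDAP attributes are represented as lists.
SAMPLE_USER: Dict[str, List[str]] = {
    "TelephoneNumber": ["xxx-xxx-xxxx", "xxx-xxx-yyy"],
    "HomePhone": ["yyy-yyyy"],
    "mobile": ["zzz-zzz-zzzz"],
}

# Constructed response definitions in the AdminUI form shown on the page:
#   <ResponseName>=<%userattr="<LDAPAttributeName>"%>
# The last entry (Pager, hypothetical) refers to an attribute the sample user lacks.
SAMPLE_RESPONSES: List[str] = [
    'MyTelephoneNumber=<%userattr="TelephoneNumber"%>',
    'HomePhone=<%userattr="HomePhone"%>',
    'mobile=<%userattr="mobile"%>',
    'Pager=<%userattr="pager"%>',
]

USERATTR_RE = re.compile(
    r'^(?P<name>[A-Za-z0-9_.-]+)=<%userattr="(?P<attr>[^"]+)"%>$'
)


def parse_response(definition: str):
    """Split one userattr response definition into (response name, LDAP attribute)."""
    match = USERATTR_RE.match(definition.strip())
    if match is None:
        raise ValueError(f"not a userattr response definition: {definition!r}")
    return match.group("name"), match.group("attr")


def resolve_responses(definitions: Sequence[str],
                      user_entry: Dict[str, List[str]]) -> Dict[str, str]:
    """Evaluate each response definition against the user entry.

    Multi-valued attributes are joined with ", " (the form seen in the page's
    results). Attributes absent from the entry produce no response at all,
    which is what an empty header or context variable on the Gateway looks
    like. LDAP attribute names are matched case-insensitively (an assumption
    of this simulation).
    """
    by_lower = {k.lower(): v for k, v in user_entry.items()}
    resolved: Dict[str, str] = {}
    for definition in definitions:
        name, attr = parse_response(definition)
        values = by_lower.get(attr.lower())
        if values:
            resolved[name] = ", ".join(values)
    return resolved


def missing_responses(definitions: Sequence[str], resolved: Dict[str, str]) -> List[str]:
    """Response names that were defined but could not be populated from the entry."""
    return [parse_response(d)[0] for d in definitions
            if parse_response(d)[0] not in resolved]


def gateway_context(resolved: Dict[str, str]) -> Dict[str, str]:
    """Expose resolved responses under the variable prefix the page's policy uses."""
    return {f"siteminder.smcontext.attributes.{name}": value
            for name, value in resolved.items()}


def render_template(template: str, context: Dict[str, str]) -> str:
    """Expand ${var} placeholders; names missing from the context expand to ''."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: context.get(m.group(1), ""), template)


# Constructed template in the spirit of the page's Template Response Properties.
TEMPLATE = (
    "Customer ATTR:\n"
    "Rule-User LDAP Object TelePhoneNumber#: ${siteminder.smcontext.attributes.MyTelephoneNumber}\n"
    "OnAccept-User LDAP Object HomePhone#: ${siteminder.smcontext.attributes.HomePhone}\n"
    "OnAccess-User LDAP Object Mobile#: ${siteminder.smcontext.attributes.mobile}\n"
    "Pager#: ${siteminder.smcontext.attributes.Pager}"
)


def run_example() -> str:
    """Resolve the sample responses and render the template the way the Gateway would."""
    resolved = resolve_responses(SAMPLE_RESPONSES, SAMPLE_USER)
    return render_template(TEMPLATE, gateway_context(resolved))


if __name__ == "__main__":
    print(run_example())
    resolved = resolve_responses(SAMPLE_RESPONSES, SAMPLE_USER)
    print("unpopulated responses:", missing_responses(SAMPLE_RESPONSES, resolved))
```

When troubleshooting an empty variable, the useful check is the one missing_responses performs: confirm that the response name the policy references matches a response that the SSO server actually populated for that RULE, AU or AZ, since a name mismatch or an attribute the user entry does not carry renders silently as an empty value.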