API Gateway // SSO Integration -Gateway not receiving SSO LDAP user Attribution information


Article ID: 130675


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


Issue trying to return  enriched ldap user attribute information that is explicitly sent by the SSO server is not received by the gateway in the header or the smcontext attributes. 

The assertion returns valid responses for successfully authenticated users. 
However, We are not receiving HTTP Headers with additional attributes that are provided. 



Gateway 9.4


Support tested to validate the SSO response can be tied to RULE, OnAccept rule (AU), OnAccess rule (AZ)

AdminUI (SSO) configured 3 LDAP attributes included them in a response group (APIM-GRP). Example User Attribute response: MyTelephoneNumber=<%userattr="TelephoneNumber"%>  (LDAP attribute name = TelephoneNumber)

Details Response configuration:

<Please see attached file for image>

Detail response

Grouping of all the responses (optional)

<Please see attached file for image>


AdminUI (SSO) policy create a RULE  (NOTE it must be the same resource and agentname used during the CA Single Sign-On Check Protected Resource assertion)

SSO REALM/RULE protected resource /validate1 with agentname apim-gw_agent-devcloud

<Please see attached file for image>

Responses tied to the RULE 

<Please see attached file for image>

APIM Policy Manager configure IsProtect using same resource and agentname 

<Please see attached file for image>

APIM IsProtected
In the policy Set Context variable as followed: 

Template Response Properties:
Customer ATTR:
Rule-User LDAP Object TelePhoneNumber#: ${TelephoneNumber-rule}
OnAccept-User LDAP Object HomePhone#: ${HomePhone-au}
OnAccess-User LDAP Object Mobile#: ${mobile-az}

Customer ATTR:
Rule-User LDAP Object TelePhoneNumber#: 508-898-7570, 978-898-7050
OnAccept-User LDAP Object HomePhone#: 555-5551
OnAccess-User LDAP Object Mobile#: 888-898-0570


1558687722724000130675_sktwi1f5rjvs16fdi.png get_app
1558687721015000130675_sktwi1f5rjvs16fdh.png get_app
1558687719222000130675_sktwi1f5rjvs16fdg.png get_app
1558687717337000130675_sktwi1f5rjvs16fdf.png get_app
1558687714393000130675_sktwi1f5rjvs16fde.png get_app
1558537178269validate1.zip get_app