When the HTTP(S) Routing properties Headers option “Pass through only certain response headers - Set-Cookie” is configured, the scope of the cookie is set to the domain and path of the gateway service.
The Gateway does not pass the same value that it receives from the backend service. The Path and Domain values are overwritten.
Logging was turned on and the response header was captured. Here is a sample:
Received from backend : Set-Cookie:jwt_token=aeyJ…….4UtvbqX1w; Path=/TEST; HttpOnly; Domain=.sso.com
Layer 7 converting to Set-Cookie:jwt_token=aeyJ…….4UtvbqX1w; Path=/route2; HttpOnly; Domain=.domain.net
All supported versions of the API Gateway
To resolve, set up the following:
Backend resource: created setcookie.jsp (sets the cookie)
Gateway service: created two context variables and set them to false:
response.cookie.overwriteDomain
response.cookie.overwritePath
HTTP(S) Route to the backend JSP that sets the cookies: http://somehost.sso.com:8585/jsp1/setcookie.jsp
In the Headers properties for the Route, checked “Pass through only certain response headers”
Immediately after the HTTP(S) route, add the “Manage Cookie” assertion. (NOTE: to change the domain, uncheck “original value” and enter a different domain. However, if the domain is different from the one the client is accessing, the cookie may be rejected by the browser.)
Test 1 gateway service:
http://Gateway.net:8080/route2
Fiddler responses:
Set-Cookie: jwt_token=123455787899; Domain=.sso.com; Path=/; Expires=Thu, 25-Apr-2019 13:36:09 GMT; Max-Age=86908
Browser: checked the cookies from the address bar with javascript:alert(document.cookie). Because the cookie was set in .myssosites.com and the browser is accessing .example.net, the jwt_token is not available.
Test 2: If the Domain in the “Manage Cookie” assertion is changed to the domain that is accessed by the client, the jwt_token is available.
[Figure: browser cookies showing the jwt_token cookie]
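The following JavaScript is an added example, not code from this article or from the Gateway: it compares the backend and gateway Set-Cookie headers captured above for rewritten Domain/Path values and applies the RFC 6265 domain-match rule behind Test 1 and Test 2. The cookie value SAMPLE, the Test 2 domain .gateway.net and the function names are assumptions.

```javascript
// Constructed sample headers: attributes follow the captures on this page,
// the cookie value SAMPLE stands in for the elided token.
const BACKEND = "Set-Cookie:jwt_token=SAMPLE; Path=/TEST; HttpOnly; Domain=.sso.com";
const GATEWAY = "Set-Cookie:jwt_token=SAMPLE; Path=/route2; HttpOnly; Domain=.domain.net";

// Split a Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.replace(/^Set-Cookie:\s*/i, "").split(";").map((s) => s.trim());
  const [pair, ...attrs] = parts;
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// Report which scope attributes differ between the backend and gateway responses.
function rewrittenScope(backendHeader, gatewayHeader) {
  const b = parseSetCookie(backendHeader).attrs;
  const g = parseSetCookie(gatewayHeader).attrs;
  return ["domain", "path"].filter((k) => (b[k] || "") !== (g[k] || ""));
}

// RFC 6265 domain-match: a leading dot is ignored, and the request host must
// equal the Domain value or be a subdomain of it. requestHost is the host name
// without the port. Public-suffix checks that browsers also apply are omitted.
function browserAccepts(setCookieHeader, requestHost) {
  const host = requestHost.toLowerCase();
  const attr = parseSetCookie(setCookieHeader).attrs.domain;
  if (typeof attr !== "string" || attr === "") return true; // host-only cookie
  const domain = attr.replace(/^\./, "").toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

console.log(rewrittenScope(BACKEND, GATEWAY));       // scope attributes the gateway changed
console.log(browserAccepts(BACKEND, "gateway.net")); // Test 1: Domain=.sso.com via the gateway host
console.log(browserAccepts("Set-Cookie: jwt_token=SAMPLE; Domain=.gateway.net; Path=/", "gateway.net")); // Test 2 (assumed domain)
```

Running rewrittenScope against a logged backend header and the header seen in Fiddler shows whether the overwriteDomain/overwritePath settings took effect before testing in a browser.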