
SM proxy not reading SMSESSION created by API gateway


Article ID: 187316


Updated On:

Products

CA Mobile API Gateway, CA Rapid App Security

Issue/Introduction

We have a SiteMinder access gateway acting as a web front end for IDM. We have an API on the API gateway that sends requests to IDM via said SM access gateway, but we are having challenges making the connection. In scenario 1, we are authenticating against SiteMinder and creating an smtoken and SMSESSION cookie in the API gateway policy before routing the request. In scenario 2, we are accepting basic credentials and forwarding them together with the request.

1. When an SMSESSION is created at the API gateway, SM proxy returns a 401 with "smsession is from a custom 3rd party and not accepted" 

-- This happens on the first try, but when the same request is sent a second time, we get a success response.

2. When basic auth credentials are sent SM proxy returns a 403 with "missing required cookies" 

 

Cause

The SSO Access Gateway must accept third-party cookies in order to consume an SMSESSION created by the API gateway. The API gateway uses the SSO SDK to create the SMSESSION; it is not a standard SSO agent.

Environment

Release : 7.1

Component : MOBILE API

Resolution

From the SSO Admin UI, modify the AgentConfigObject (ACO) used by the SSO Access Gateway and add the parameter:

accepttpcookie=yes