We have a siteminder access gateway acting as a web front end for IDM. We have an API on the API gateway that sends requests to IDM via said  SM access gateway but we are having challenges making the connection. In scenario 1 we are authenticating against siteminder and creating smtoken and SMSESSION cookie in the API gateway policy before routing request.  In scenario 2 we are accepting basic credentials and forwarding them together with the request. 

1. When an SMSESSION is created at the API gateway, SM proxy returns a 401 with "smsession is from a custom 3rd party and not accepted" 

--This happens at first try, but when same request is sent a second time, we get a success response. 

2. When basic auth credentials are sent SM proxy returns a 403 with "missing required cookies" 

 

Release : 7.1

Component : MOBILE API

The SSO Access gateway must accept third party cookies in order to consume SMSESSION from the gateway which uses the SSO SDK to create SMSESSION - it is not a standard SSO agent

From SSO Admin UI modify the AgentConfigObject (ACO) used by SSO access gateway add the parameter 

accepttpcookie=yes