We have a SiteMinder access gateway acting as a web front end for IDM. We have an API on the API gateway that sends requests to IDM via said SM access gateway, but we are having challenges making the connection. In scenario 1, we are authenticating against SiteMinder and creating an smtoken and SMSESSION cookie in the API gateway policy before routing the request. In scenario 2, we are accepting basic credentials and forwarding them together with the request.
1. When an SMSESSION is created at the API gateway, the SM proxy returns a 401 with "smsession is from a custom 3rd party and not accepted".
   -- This happens on the first try, but when the same request is sent a second time, we get a success response.
2. When basic auth credentials are sent, the SM proxy returns a 403 with "missing required cookies".