CA API Gateway - Impersonation between CA API Gateway and CA Siteminder

book

Article ID: 205843

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

 

Is it possible to do impersonation between CA API GW and CA Siteminder using an impersonated SMSESSION token?

When trying through /auth/oauth/v2/authorize and /auth/oauth/v2/authorize/login/smsession but fails 401 at /auth/oauth/v2/authorize/login.

It seems to fail at "Authenticate Against CA Single Sign-On" assertion and context variables siteminder.smcontext.attributes.SESS_DEF_REASON and .ATTR_STATUS_MESSAGE return nothing.

 

Cause

Trying to do impersonation between CA API Gateway and CA Siteminder using an impersonated SMSESSION token?

When trying through /auth/oauth/v2/authorize and /auth/oauth/v2/authorize/login/smsession but fails 401 at /auth/oauth/v2/authorize/login

It seems to fail at "Authenticate Against CA Single Sign-On" assertion and context variables siteminder.smcontext.attributes.SESS_DEF_REASON and .ATTR_STATUS_MESSAGE returns nothing.

 

Environment

Release : All Releases

Component : CA API Gateway

Resolution

CA API Gateway engineering has stated that this  CA Siteminder impersonation use case wont work with Gateway. It is not designed/tested.