CA API Gateway - Impersonation between CA API Gateway and CA Siteminder

search cancel

CA API Gateway - Impersonation between CA API Gateway and CA Siteminder

book

Article ID: 205843

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Is it possible to do impersonation between CA API GW and CA Siteminder using an impersonated SMSESSION token?

When trying through /auth/oauth/v2/authorize and /auth/oauth/v2/authorize/login/smsession but fails 401 at /auth/oauth/v2/authorize/login.

It seems to fail at "Authenticate Against CA Single Sign-On" assertion and context variables siteminder.smcontext.attributes.SESS_DEF_REASON and .ATTR_STATUS_MESSAGE return nothing.

Environment

Release : All Releases

Component : CA API Gateway

Cause

Trying to do impersonation between CA API Gateway and CA Siteminder using an impersonated SMSESSION token?

When trying through /auth/oauth/v2/authorize and /auth/oauth/v2/authorize/login/smsession but fails 401 at /auth/oauth/v2/authorize/login

It seems to fail at "Authenticate Against CA Single Sign-On" assertion and context variables siteminder.smcontext.attributes.SESS_DEF_REASON and .ATTR_STATUS_MESSAGE returns nothing.

Resolution

CA API Gateway engineering has stated that this CA Siteminder impersonation use case wont work with Gateway. It is not designed/tested.

Feedback

thumb_up Yes

thumb_down No