To integrate API Gateway with SiteMinder RestAPI, the first step is to do a POST to the https://.../ca/api/sso/services/login/v1/token with the right credentioal to retrieve a session key. To do that, a Route Assertion is used.

At the beginning of this attempt, you may be seeing a generic WARNING similar to the following in the ssg log:

2025-08-07T14:09:03.760-0500 WARNING 550 com.l7tech.server.message: Message was not processed: Error in Assertion Processing (601)

then the Assertion simply failed.

Release: 11.0+
Component: CA API Gateway

Release 12.8/sp5+
Component: SiteMinder

All things considered, this tends to be a certiicate issue.

To correctly construct the Route Assertion to post a request to the SiteMinder RestAPI to retrieve firstly the sessionkey required for other follow-up requests, please observe the following requirements:

• on Route Assertion
  • URL: https://.../ca/api/sso/services/login/v1/token
  • HTTP Method: POST
  • Authentication Tab
    • Specify HTTP Credentials
      • User Name: SiteMinderLegacyAdminID
      • Password: SiteMinderLegacyAdminPassword
• Certificate trust
  • Navigating through Tasks/Certificates, Keys and Secrets/Manage Certificates to Add/Import the certificate chian the SiteMinder Admin UI uses to provide the https support.
  • If the attempt to add/import the certificat chain ended up update any of the existing certificates, then a restart of the ssg service may be required.
  • There is also the possibility that the Admin UI certificate is a CA-issued certificate. If so, the Certificate Authority certificate the issued the Admin UI certificate will need to be imported too.

2025-08-07T14:09:03.760-0500 WARNING 550 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to https://XXXXX.XXXX.XXX:8443/ca/api/sso/services/login/v1/token. Error msg: Unable to obtain HTTP response from https://XXXXX.XXXX.XXX:8443/ca/api/sso/services/login/v1/token: Certificate [cn=YYYYY.YYYY.YYY:] path validation and/or revocation checking failed
2025-08-07T14:09:03.760-0500 WARNING 550 com.l7tech.server.MessageProcessor: 3016: Request routing failed with status 601 (Error in Assertion Processing)

2025-08-08T09:27:15.639-0400 WARNING 688  com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to https://XXXXX.XXXX.XXX:8443/ca/api/sso/services/login/v1/token. Error msg: Unable to obtain HTTP response from https://XXXXX.XXXX.XXX::8443/ca/api/sso/services/login/v1/token: Received fatal alert: handshake_failure
2025-08-08T09:27:15.640-0400 WARNING 688  com.l7tech.server.MessageProcessor: 3016: Request routing failed with status 601 (Error in Assertion Processing)
2025-08-08T09:27:15.640-0400 WARNING 688  com.l7tech.server.message: Message was not processed: Error in Assertion Processing (601)

• • SiteMinder Admin UI unavailable (timed out)

2025-08-08T03:34:47.413-0500 WARNING 563 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to https://XXXXX.XXXX.XXX:8443/ca/api/sso/services/login/v1/token. Error msg: Unable to obtain HTTP response from https://XXXXX.XXXX.XXX:8443/ca/api/sso/services/login/v1/token: Connect to XXXXX.XXXX.XXX:8443 timed out
2025-08-08T03:34:47.413-0500 WARNING 563 com.l7tech.server.MessageProcessor: 3016: Request routing failed with status 601 (Error in Assertion Processing)