The CA Siteminder SMSESSION Cookie doesn't get reused between services exposed by the CA API Gateway and other services

Article ID: 9257


Products

CA API Gateway

Issue/Introduction

CA API Gateway and CA Siteminder have been integrated, and some of the services protected by CA Siteminder have been published on the Gateway (serviceA). Some of the services have not been published (serviceB).

When accessing serviceA, an SMSESSION cookie gets written. On accessing serviceB, this SMSESSION cookie doesn't get reused; instead, the user needs to re-authenticate.

When first accessing serviceB and then serviceA, the SMSESSION cookie gets reused and there is no need for re-authentication.

Environment

API Gateway: All supported versions

Cause

The cookie gets reused only for services whose path falls under the path that you enter in the assertion.

To ensure that the cookie is reused for all services of this SSO configuration, the path should be set to the ROOT folder.
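The path scoping described above, as an added example that is not part of the original article: it applies the RFC 6265 path-match rule to a Set-Cookie header and lists the request paths a browser would attach the cookie to. The request paths under /serviceA and /serviceB, the token placeholder, and the function names are assumptions made for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie with this Path sent for requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so /serviceA does not cover /serviceAB.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 default-path, used when the Path attribute is missing or does not start with "/".
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const last = requestPath.lastIndexOf("/");
  return last === 0 ? "/" : requestPath.slice(0, last);
}

// Split a Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Return the request paths that would carry the cookie set by setCookieHeader
// in a response to a request for setOnPath.
function sentTo(setCookieHeader, setOnPath, requestPaths) {
  const p = parseSetCookie(setCookieHeader).attrs.path;
  const cookiePath = typeof p === "string" && p.startsWith("/") ? p : defaultPath(setOnPath);
  return requestPaths.filter((rp) => pathMatches(rp, cookiePath));
}

// Constructed sample data (hypothetical paths; the token is a placeholder).
const requests = ["/serviceA/orders", "/serviceB/profile", "/serviceAB/x"];
const narrow = "SMSESSION=TOKEN_PLACEHOLDER; Path=/serviceA";
const root = "SMSESSION=TOKEN_PLACEHOLDER; Path=/";

console.log("Path=/serviceA ->", sentTo(narrow, "/serviceA/login", requests));
console.log("Path=/         ->", sentTo(root, "/serviceA/login", requests));
```

With the narrow path, only the request under /serviceA carries SMSESSION, which matches the re-authentication seen on serviceB; with Path=/ every request path on the host carries it.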

Resolution

Change the value for the path in the assertion to Path: /

On the assertion "Response: Add or Replace Cookie" the following values are set:

Name: SMSESSION

Value: {siteminder.smcontext.smstoken}

Domain:

Path: /

See Manage Cookie Assertion for more information on this assertion.