CA API Gateway and CA Siteminder have been integrated, and some of the services protected by CA Siteminder have been published on the Gateway (serviceA). Some of the services have not been published (serviceB).
When accessing serviceA, a SMSESSION cookie gets written. On accessing serviceB this SMSESSION cookie doesn't get reused, instead the user needs to re-authenticate.
When first accessing serviceB and then serviceA the SMSESSION cookie gets reused and there is no need for re-authentication.
API Gateway: All supported versions
The cookie gets reused only for services on the subset of the path, that you enter in the assertion.
To ensure, that the cookie is reused for all services of this SSO configuration the path should be set to the ROOT folder.
Change the value for the path in the assertion to Path: /
On the assertion "Response: Add or Replace Cookie" the following values are set:
Name: SMSESSION
Value: {siteminder.smcontext.smstoken}
Domain: Path: /
See Manage Cookie Assertion for more information on this assertion.