The CA Siteminder SMSESSION Cookie doesn't get reused between services exposed by the CA API Gateway and other services

Document ID : KB000009257
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

CA API Gateway and CA Siteminder have been integrated, and some of the services protected by CA Siteminder have been published on the Gateway (serviceA). Some of the services have not been published (serviceB).

When accessing serviceA, a SMSESSION cookie gets written. On accessing serviceB this SMSESSION cookie doesn't get reused, instead the user needs to re-authenticate.

When first accessing serviceB and then serviceA the SMSESSION cookie gets reused and there is no need for re-authentication.

Environment:
On the assertion "Response: Add or Replace Cookie" on the CA API Gateway the following values are set:Name: SMSESSIONValue: {siteminder.smcontext.smstoken}Domain: Path: /
Cause:

The cookie gets reused only for services on the subset of the path, that you enter in the assertion.

To ensure, that the cookie is reused for all services of this SSO configuration the path should be set to the ROOT folder.

Resolution:

Change the value for the path in the assertion to

Path: /

 

See https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/message-routing-assertions/manage-cookie-assertion for more information on this assertion.