Symantec Access Management

  • Private Community

  • 1.  How to send SMSession value from mobile browser to mobile app

    Posted Nov 11, 2016 08:26 AM

    Hello Team, I have a question about siteminder authentication for mobile app. I am able to login using mobile browser and it is giving me SMSESSION value. But when I tried to access HTTP REST API via mobile app native code it is giving me 302 error. Basically not reading smsession value from different environment. How I can transfer SMSESSION value from web browser into native environment? Thanks.



  • 2.  Re: How to send SMSession value from mobile browser to mobile app

    Posted Nov 11, 2016 09:47 AM

    Hello, not sure what you mean by different environment but did you check the following ? Maybe you can explain a bit more what you want to archive.

     

    Using CA SiteMinder® SPS in Cookieless Federation

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/implementing/implementing-ca-siteminder-sps/using-ca-siteminder-sps-in-cookieless-federation

     

    Regards,

    Julien.



  • 3.  Re: How to send SMSession value from mobile browser to mobile app

    Posted Nov 11, 2016 10:41 AM

    Hello Julien

     

    Thanks reverting. Please see below further details.

    We are building an ipad tablet app for a client. This client use the Siteminder for their Login process. Within the app we are able to login using the webviewer (browser). But after login when we make a call for other REST API, it is NOT showing results and redirecting to login page again. This is due to smsession values are in webviewer and not in native environment and authentication is failing. May I know how to move SMSession value from webviewer into native environment (so authentication does NOT fail)?                       

    Or is there any documentation to follow so we can use siteminder protected api in native ios environment?

     

    Thanks again and let me know if you would like to speak on this issue.



  • 4.  Re: How to send SMSession value from mobile browser to mobile app

    Posted Nov 14, 2016 08:35 AM

    Hello,

     

    You can also check the following and using a custom agent:

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/programming/programming-in-java/agent-api-guidance-for-java/single-sign-on-with-the-agent-api

     

    Otherwise check with you Account manager and CA Services :

     

    https://communities.ca.com/message/241938081?commentID=241938081&et=watches.email.thread#comment-241938081

     

    Regards,

    Julien.



  • 5.  Re: How to send SMSession value from mobile browser to mobile app
    Best Answer

    Posted Nov 15, 2016 12:09 AM

    pmhooda

     

    Typically SMSESSION Cookie is a browser based Cookie. If your WebAgent which generated the SMSESSION has ACO flag UseHTTPOnly set, then the cookie value is only valid over a HTTP request.

     

    Having said that, this blog from Chris is a very good one, which helps to a large extent how we were able to use COOKIE generated by CA WebAgent on AuthAzWebServices and ViceVersa.

     

    Authentication and Authorization Web Service Session Tokens 

     

    Regards

    Hubert