Layer7 API Management

I have an endpoint on my gateway which has to be protected by SiteMinder. As soon as I get to the 'Authenticate with CA Signle Sign On' assertion, API gateway fails with the 'Authentication required'  errors in gateway. I would expect a basic authentication prompt instead.

Properties of that assertion:

se;ected 'Use Last Credentials'

Checked : 'username/password'

Referring to correct prefix.

However when I doisable this assertion and use 'Authoruze  via Single sign on' am able to authorize access with a existing SMSESSION. Documentation is pretty cumbersome around this integration and appreciate any insight.

Thanks. 

Good evening,

The way that the Authenticate with Single Sign On assertion works is that it expects that the credentials have been gathered either as HTTP Basic or passed in as a SMSESSION Cookie in the header. The following documentation provides both of these scenarios and example breakdown of the policy. Working with CA Single Sign-On - CA API Gateway - 9.0 - CA Technologies Documentation 

Sincerely,

Stephen Hughes

Director, CA Support

Hi Anil, here was some recent notes about setting up SSO / APIM Gateway integration.

Integrating APIM Gateway with CA Single Sign-On - adding a grace time for updating SMSESSION cookie. 

API Gateway use of SSO doesn't implement Idle timeout - here is how to implement idle timeout in Gateway Policy 

I understand there is also work to make it easier going on as well.

Cheers - Mark