Layer7 API Management

Hi,

I tried to add assertions required for both cases(Basic User Authentication using CA Single Sign-On and Basic User Authentication via HTTP cookie using CA Single Sign-On) in different APIs. In my case, both are working in same way meaning in both cases steps followed:

1. Hit the URL for first time and it asked for credentials then provided API response

2. Hit the URL again and it didn't ask for credentials and provided API response

and I feel in second case(Basic User Authentication via HTTP cookie using CA Single Sign-On), it is not even setting cookie variable. Can you please clarify if I am doing it in some other way.My understanding is in Basic User Authentication using CA Single Sign-On, it should always ask for credentials whenever I call the API and in Basic User Authentication via HTTP cookie using CA Single Sign-On, it should check if authentication is done before or not and if user is authenticated before, it should use cookie. 

Good afternoon,

Depending on whether the policy has the logic to check for SMSESSION Cookie first before the HTTP Authentication then ensure that it is setting the cookie back to the client. Example of the policy layout is in the

Basic User Authentication via HTTP Cookie using CA Single Sign-On Assertions section -

https://docops.ca.com/ca-api-gateway/9-2/en/security-configuration-in-policy-manager/tasks-menu-security-options/manage-ca-single-sign-on-configurations/working-with-ca-single-sign-on

Sincerely,

Stephen Hughes

Director, CA Support