Can the API Gateway authorize a transaction with a SiteMinder (Single Sign-On) session cookie that was generated on a separate webserver, assuming the webserver is a component of the same Single Sign-On infrastructure as the API Gateway?
I seem to be able to authorize via SiteMinder using cookies that were generated on the gateway, but the gateway is not authorizing SiteMinder cookies that are generated at a set of centralized login servers. In fact, even though I see a "Not Authorized!" message at the gateway, I do not see an isAuthorized call or AZReject at the Policy Server, in the SMPS trace logs.
Any help would be appreciated.
Thanks,
Josh