AnsweredAssumed Answered

[CA API Gateway] Response’s authentication headers transmission with Route via HTTP(S)

Question asked by Emmanuel.Champommier on Dec 5, 2017
Latest reply on Nov 10, 2018 by Stephen_Hughes

We are using CA API Gateway product in version 9.2.00 and encounter the following problem.
Building a service configuration, the policy assertion “Route via HTTP” was embedded in a “At least one assertion must evaluate to true” to be able to trap errors and process/log them:

The backend service (destination of Route via HTTP) uses Negotiate/NTLM authentication protocol from the request.

Using this configuration, when the first request is sent from third part application, the request is correctly sent to the backend. But the response with code 401 sent back from the gateway to the third part application does not contains the “WWW-Authenticate: Negotiate” and “WWW-Authenticate: NTLM” headers used to indicate the authentication protocol.

Using the debugger, “WWW-Authenticate” headers are not contained in the response header field (only user access information and URLs are hidden in the following capture):

Is there a way to transmit these headers and authentication information between the backend service response and the gateway response to third application?
If this is not the possible, how can we process such case (request authentication transmission and error handling)? What are the best practices and do we respect them?