Hi Nilantha,
Maybe you could explain more about "During the test is used http requests (not https) to the Web API and then https from Web API to SAP". So this is not straight http request.
In another word, please describe step by step of request, and at what stage, does siteminder agent come in picture?
Is protected service a java servlet service or soap, or something else?
Is it GET/POST call, or some other calls were made by API?
If you could provide some concrete examples of the entire flow, that will be more helpful to understand what the true requirement is.
Thank you.
Hongxu Liu
CA SSO Support