Hi,
I have the following use case.
I have two applications deployed in HCP. The first application has a servlet which wants to access a servlet in the second application.
The second application is secured by SAML 2.0 authentication and linked to HCP default ID provider.
Was using Authenticate Applications using SAML 2.0 - REST API Application Development (On-premise and Cloud) - SAP Library as reference.
Did the following steps from the first application servlet:
- httpCliet.execute(httpGet(secondApplicationServletURL))
- Got 200 OK response.
- Verified that com.sap.cloud.security.login:login-request is present on the header
- Examined the cookies received in the response, found two in the list
1. BIGipApplicationURL
2. Some random string.
According to the reference document, there should be a cookie name X-SMP-SESSID, which is absent. Am i missing something here?
As I understand from the above document, need to create another httpClient.get(http[s]://<host:port>/SAMLAuthLauncher) request with X-SMP-SESSID set as cookie.
This will trigger the authentication process and finally need to call my application servlet again with the auth session cookie.
Is my understanding correct?
Thanks
Dixit