Cookie not setting when redirecting between same proxy URLs

I have a scenario where we are using Okta for authentication and trying to use Apigee proxy in between to route our requests.

What is happening:

  1. We start the front-end site

  2. Request hits the back-end API (/login) to start the authentication

  3. Okta does the authentication and sends the request back to API (e.g. /saml/sso)

  4. API then fetches the information from Okta's response and redirects to another endpoint (e.g. /auth/success) in the same API

  5. This new endpoint (/auth/success) is supposed to send the request back to front-end site, but instead it actually sends the request back to Okta for verification.

The issue I am running into because of this is an endless loop between my API and Okta. I tried tracing in Apigee, and I see that when the redirection to /auth/success happens from /saml/sso, there is a Set-Cookie response header containing a JSESSIONID value. But when the request then goes to the /auth/success endpoint, I don't see this JSESSIONID value in the cookie in the request header, and I believe that is why it's going back to Okta.

What can I do for this issue? I am new to this Apigee platform and still trying to figure things out.

Trace Session in Apigee

Redirecting to /auth/success with Set-Cookie with the JSessionID in response header:

Next request going to /auth/success with cookie, but no JSessionID in it:

There are 0 best solutions below
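
A diagnostic sketch for the symptom described in the question, added here as an example and not part of the original post or any answer: it applies the RFC 6265 domain, path and Secure matching rules to a Set-Cookie value and the next request URL to list why a browser would leave JSESSIONID out of the request. The question does not show the cookie's attributes, so attribute scoping is an assumed cause, and every host, path and cookie value below is constructed.

```python
from urllib.parse import urlsplit

def parse_attrs(set_cookie):
    """Return the attributes of a Set-Cookie value as {lower-cased name: value}."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.strip().lower()] = val.strip()
    return attrs

def default_path(url_path):
    """RFC 6265 5.1.4: with no Path attribute, the cookie is scoped to the setting URL's directory."""
    if not url_path.startswith("/") or url_path.count("/") == 1:
        return "/"
    return url_path[:url_path.rfind("/")]

def why_not_sent(set_cookie, setting_url, next_url):
    """List the reasons a browser omits the cookie on next_url (empty list: it is sent)."""
    attrs = parse_attrs(set_cookie)
    src, dst = urlsplit(setting_url), urlsplit(next_url)
    host, reasons = dst.hostname.lower(), []
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and not (host == domain or host.endswith("." + domain)):
        reasons.append(f"Domain={domain} does not match host {host}")
    if not domain and host != src.hostname.lower():
        reasons.append(f"host-only cookie from {src.hostname} is not sent to {host}")
    path = attrs.get("path", "")
    if not path.startswith("/"):
        path = default_path(src.path)
    req = dst.path or "/"
    if not (req == path or (req.startswith(path)
                            and (path.endswith("/") or req[len(path)] == "/"))):
        reasons.append(f"cookie path {path} does not match request path {req}")
    if "secure" in attrs and dst.scheme != "https":
        reasons.append("Secure cookie is not sent over plain http")
    return reasons

# Constructed proxy URLs and cookie values (not taken from the question's trace).
SSO = "https://api.example.com/v1/myapp/saml/sso"
SUCCESS = "https://api.example.com/v1/myapp/auth/success"
if __name__ == "__main__":
    for header in ("JSESSIONID=abc123; Path=/backend-app; Secure; HttpOnly",
                   "JSESSIONID=abc123; HttpOnly",
                   "JSESSIONID=abc123; Domain=backend.internal; Path=/",
                   "JSESSIONID=abc123; Path=/v1/myapp; Secure; HttpOnly"):
        print(header, "->", why_not_sent(header, SSO, SUCCESS) or "sent")
```

The second case shows that a cookie set on /saml/sso with no Path attribute is scoped to the /saml directory and would not accompany a request to /auth/success under the same base path.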