CA Single Sign-On Tech Tip by Sau Lai Wong, Principal Support Engineer for 6th September 2016
Issue:
Upon upgrading Federation Gateway (SPS/ WAOP/ Federation Manager) from R12.5 to R12.52 release, notice new Siteminder Session cookie is generated by FWS Agent.
Environment:
Apply to R12.51, R12.52 SPS/ WAOP/ Federation Manager.
Cause:
Starting from R12.51 release, FWS Agent generates new Siteminder Session Cookie after validating existing session cookie successfully.
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][Validating input...]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][Creating the smsession cookie for SP domain [CHECKPOINT = SSO_SMSESSIONFORSPDOMAIN_REQ]]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][Recived valid input. Attempting to create SESSION cookie.]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][session id is: /aaacaUi9lUagDH0dzMusCfdzsw=]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][About to create SESSION cookie.]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-a][FWSBase.java][createSessionCookie][Placing smsession in browser [CHECKPOINT = SSO_PLACESMSSESSIONTOBROWSER_REQ]]
FWS Agent can reference Agent Config Object that differs from the frontend webagent. The following parameters are applicable to FWS Agent:
DefaultAgentName TransientIDCookies AcceptTPCookie TransientIPCheck CookieDomain CookieDomainScope SSOZoneName SSOTrustedZone FedDeploymentMode FedSmConnectorEnabled UseSecureCookies
Resolution:
Ensure that the session cookie generated by FWS Agent matches the criteria (cookie domain, secure flag) for single sign-on.