Symantec Access Management

Hi There,

After authentication with siteminder, I see two SMSESSIONs one is with .mydmn.com and another with www.test.mydmn.com in the broswer.I am just looking to have only one smcookie with .mydmn.com.

However, i have mentioned the cookiedomain name as .mydmn.com and domain scope as 2 in aco.Please advice.

Are there two different agents involved ? One for protecting the resource ..and another for login ?

Do you have cookiedomainscope/cookiedomainname set to same value in both the agent ?

If not, agent trace log with the fiddler would be required to be analyzed.

Only one agent and one aco involved.In that aco i had domainname as .mydmn.com and domainscope-2.For instance my url look alike http://test.mydmn.com/protectedresouce . Due to some reason I see two cookies one with domain .mydmn.com and another is test.mydmn.com.

can u attach agent trace and fiddler log for review?

Sent from my iPhone

I don't see any attachment icon here to attach it.

You will need to change to advanced edit mode to be able to attach

Sent from my iPhone

Hi Sharath,

How did you go with this?
Last time I checked, you indeed have different agent instance for target (agent protecting resource) and the login (agent doing the login) agents.

I asked you to match cookiedomain & cookiedomainscop for both of these agent and test.

Let me know if you need help.

Regards,

Ujwol

Hi  Sharathbabu,

Please refer to the following Knowledge Base Article witch explains how Web Agents determine the Cookie Domain for a request;

How is the resolved Cookie Domain determined for a Single Sign On (fka SiteMinder) Agent? 

It sounds like the user is accessing two different Agents with different settings for the CookieDomain and CookieDoaminScope settings, so the user is getting cookies set in two different Domains. Fiddler is a good tool to determine where the cookies are being set.

Hope this helps,

Rick