AnsweredAssumed Answered

IE Protected Mode and cookie provider sites

Question asked by ryan.kogelheide on May 19, 2011
Latest reply on Jun 8, 2011 by jeff.tchang
We have a central credential collector on our main domain used for most of our websites - lets call it logon.example.com. When a site is created outside that domain, such as website.myexample.org, we use the cookie-provider functionality to allow SiteMinder session cookies to be set on the non-.example.com domain.

The problem we are facing is for our internal workstations. When Internet Explorer is set with it's default settings where the Internet runs as "Protected Mode" and the Local Intranet is not running "Protected Mode", website.myexample.org appears as part of the Internet and our credential collector and cookie provider at logon.example.com appear as Local Internet. Internet Explorer opens a separate window for the different execution mode and does not share the cookies between the windows.

Our solution could be to change all internal workstations' list of domains that are in the Local Intranet every time someone adds a new name, but that's
quite difficult. We don't have centralized control over the registration of the domains. We also can't manage it during agent registration or policy
creation because SiteMinder doesn't really care what domain name is used.

The only other solution we can think of is to "duplicate" our credential collector on an a domain that IE thinks is Internet, but even that seems
problematic since it would essentially create two different cookie domains.

Has anyone out there faced this issue and if so, how did they resolve it?

Outcomes