Symantec Access Management

  • 1.  Federation rerunning journey issue on same session

    Posted Nov 20, 2015 07:34 AM

    My IDP (abc.fed.com) has a protection level of 500 and is protected with a custom form Auth Scheme template which is redirected to the master cookie provider (MCP), and the SP (xyz.fed.com) has a protection level of 400 and is protected with a SAML 2 Auth Scheme.

    After running the end-to-end journey successfully using the IDP-initiated URL, we can see the IDP SM session cookie, the master (MCP) SM session cookie and the SP SM session cookie in the browser. If the user hits the IDP-initiated URL again in the same browser and same session, we get a "session is not valid" message in the WebLogic logs of the IDP env and the journey goes into a loop on the IDP side.

    If I delete the SP-side SMSession cookie from the browser and then rerun the journey using the IDP-initiated URL in the same browser session, it works fine.

    Below are the WebLogic logs from the IDP side:

    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][processRequest][SmConnectorEnabled: NO]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][ConnectorFactory.java][getFedConnector][Dummy Connector Deployment. No connector to be used]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][FWSBase.java][getSessionData][Request does not have any cookies.]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][FWSBase.java][isValidSession][No SESSION cookie on request.]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][processRequest][Force Authn is disabled.]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][processRequest][Current session state is: false]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][processRequest][Current session is not a valid session.]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][getLocalServiceURL][Enter getLocalServiceURL]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][getLocalServiceURL][Using Proxy URL for local SSO service:  https://abc.fed.com/affwebservices/public/saml2sso]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][processAuthentication][Not using secure authentication URL.]
    [11/13/2015][08:42:04][27242][3167026064][a7f79e86-e78f9d03-56808ed1-44abad94-265e5704-0d][SSO.java][processAuthentication][SAML2 Single Sign-On Service redirecting to authentication URL: https://abc.fed.com/affwebservices/redirectjsp/redirect.jsp?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SAMLRequest=jZJPT4NAEMW%2FCtk7LH%2BKxU0hwfZgk6pE0IMXs9BBNll2kVla%2FfZS0Fgvjed9837z3uwKeSs7lg6mUY%2FwPgAa66OVCtn0EJOhV0xzFMgUbwGZqVie3u2Y77is67XRlZbEShGhN0KrtVY4tNDn0B9EBU%2BPu5g0xnTIKDWjuV2aGp2Wq4Ybw5WtlRQKnEq3NG9EWWoJpnEQNT1RfJo95AWxNuOkUPwE%2BLXbw8GGtrNr2DulmSx4XR%2BhxJmNtBtKKSp6SuKPlsTabmLyGi7r0o%2BiKlxwzqOqXvjAl8sr9zrwqsj1g1GGOMBW4bigiYnveqHtebYXFG7EgpB5%2Fguxsu%2FsN0LthXq7XFQ5i5DdFkVmz5meoccpzyggyeq0JJvA%2FdkBLtvyn9ZJ8r%2BOV%2FQMMzM7dj%2F6bjeZHqv6tFIp9XHdAzcQE4%2FQZB75%2B0OSLw%3D%3D&RelayState=cookie%3A1447403712_0c4d&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ACcnVmhgy5xGMcZYR7xbW%2FnRAqnbT57xzlbDS7lxGQmkoM3OOsnA%2Bkcz6G3%2BsKHhX8ngMTQ79QSA5Zi3FQpiQPvE%2Fsg%2FJsGvehD3YCogGfB6h%2FS1if1s16j6Mrr0tsimYb77YMbQ7LrudCvtkwOCHdoYNncZ6UeNprtjIs4
AhOJBTj4hx6M%2BFSVZiCBUKi%2BNYrbbyvEqjMl%2FlvNpGW0YwJMTxz8B0uBuGksZ3t%2F64cJ6cUAaEm7HpmedJmYDiO3q32ac7KeVZXhAg4fJo%2FJ52hgFoihTIM79IJWPvzykksQPgwT%2BbbEj12a71MthxDTGfhnZYwngOOOXmoeiHR9HIA%3D%3D&SMPORTALURL=https%3A%2F%2Fabc.fed.com%3A443%2Faffwebservices%2Fpublic%2Fsaml2sso.]

    Please suggest whether we can make any configuration change or workaround to make it work.
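A triage sketch for trace output like the log in the post above, added here as an example (it is not part of the original post and is not product code): it groups lines by transaction ID, records whether the session was rejected, and counts query parameters that repeat in the redirect URL, which is how the long run of `SMASSERTIONREF=QUERY` shows up. The field names, the threshold and the sample lines (including the host `idp.example.test`) are assumptions constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Eight bracketed fields, as in the posted trace lines. The field names are
# assumptions; the page does not label them.
LINE_RE = re.compile(r"^" + r"\[([^\]]*)\]" * 7 + r"\[(.*)\]$")
FIELDS = ("date", "time", "pid", "tid", "txid", "source", "method", "message")
URL_RE = re.compile(r"redirecting to authentication URL:\s*(\S+)")

def parse_line(line):
    """Split one trace line into named fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return dict(zip(FIELDS, m.groups())) if m else None

def repeated_params(url):
    """Query parameter names that occur more than once in url, with their counts."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    return {name: n for name, n in counts.items() if n > 1}

def triage(lines, threshold=3):
    """Per transaction ID: session rejected? which parameters repeat >= threshold times?"""
    report = {}
    for rec in filter(None, map(parse_line, lines)):
        entry = report.setdefault(rec["txid"], {"session_invalid": False, "repeats": {}})
        if "not a valid session" in rec["message"]:
            entry["session_invalid"] = True
        m = URL_RE.search(rec["message"])
        if m:
            url = m.group(1).rstrip(".")  # the trace message ends with a full stop
            entry["repeats"] = {k: n for k, n in repeated_params(url).items()
                                if n >= threshold}
    return report

# Constructed sample lines in the same layout as the posted log (not real data).
P = "[11/13/2015][08:42:04][1001][2002]"
SAMPLE = [
    P + "[tx-0001][FWSBase.java][isValidSession][No SESSION cookie on request.]",
    P + "[tx-0001][SSO.java][processRequest][Current session is not a valid session.]",
    P + "[tx-0001][SSO.java][processAuthentication][SAML2 Single Sign-On Service "
        "redirecting to authentication URL: https://idp.example.test/affwebservices/"
        "redirectjsp/redirect.jsp?" + "SMASSERTIONREF=QUERY&" * 4 +
        "SAMLRequest=CONSTRUCTED&RelayState=x.]",
    P + "[tx-0002][SSO.java][processRequest][Current session state is: true]",
]

if __name__ == "__main__":
    for txid, entry in triage(SAMPLE).items():
        print(txid, entry)
```
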



  • 2.  Re: Federation rerunning journey issue on same session

    Posted Nov 23, 2015 02:02 PM

    Neha,

    I think that in this case, based on the nature and complexity of the issue, this would be better dealt with as a formal support request. I recommend opening a support ticket and providing the following information:

    Environment Details:

    * Policy Server/Fed Manager/Secure Proxy Server/Web Agent versions
    * Operating System

    Logs:

    * Header trace (Fiddler/HttpWatch) showing the behavior
    * WebAgent trace log
    * Policy Server trace log
    * FWSTrace log (if applicable)
    * WebLogic logs

    This will help us determine exactly where the problem lies and allow us to give you a way to move forward with your workflow.



  • 3.  Re: Federation rerunning journey issue on same session

    Posted Nov 24, 2015 01:56 AM

    Thanks, but a CA support case is already open and all logs have been provided. I just wanted to check whether I can get a quick resolution or any update here.



  • 4.  Re: Federation rerunning journey issue on same session

    Posted Nov 24, 2015 09:38 AM

    Neha,

    Thank you for clarifying. If you can provide me with the case number, I will notify the assigned engineer that you are requesting an update to your pre-existing case.



  • 5.  Re: Federation rerunning journey issue on same session
    Best Answer

    Posted Nov 25, 2015 01:46 AM

    Thanks for your support. Case number is 00244027.