Issue:
We're running 2 Web Agents, when the browser tries to access a URL in the domain ".myhost.mydomain.myservice" after having been authenticated in domain ".myhost.myspecialdomain.com", then the user needs to provide credentials again, and we would expect it to be automatically logged in and perform SSO.
The SMSESSION cookie for the Cookie Provider domain .myhost.mydomain.myservice is not getting created before going to the protected resource on ".myhost.myspecialdomain.com"
How can we solve this issue ?
Environment:
Policy Server R12.52 SP1
Resolution:
The Cookie Provider had the ACO Parameter limitcookieprovider set to YES. This means that the Cookie Provider won't create any cookie for the cookie provider domain.
To solve the issue, you need to set the limitcookieprovider to NO on the Cookie Provider.
Sample of the configuration :
Cookie Provider
http://host-U203313.myhost.mydomain.myservice/protected/index.html
[18648/2428991232][Mon Sep 11 2017 16:18:34] cookiedomain=''.
[18648/2428991232][Mon Sep 11 2017 16:18:34] cookiedomainscope='0'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] enablecookieprovider='yes'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] limitcookieprovider='no'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] trackcpsessiondomain='yes'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] tracksessiondomain='yes'.
Agent
http://host-U203312.myhost.myspecialdomain.com/protected/index.html
[14869/738195200][Mon Sep 11 2017 16:18:34] cookiedomain='.myhost.myspecialdomain.com'.
[14869/738195200][Mon Sep 11 2017 16:18:34] cookiedomainscope='0'.
[14869/738195200][Mon Sep 11 2017 16:18:34] cookieprovider='https://host-u203313.myhost.myspecialdomain.com/SmMakeCookie.ccc'.
[14869/738195200][Mon Sep 11 2017 16:18:34] enablecookieprovider='no'.
[14869/738195200][Mon Sep 11 2017 16:18:34] limitcookieprovider='no'.
[14869/738195200][Mon Sep 11 2017 16:18:34] tracksessiondomain='yes'.
KB : TEC1009839