Hi dear community,
We are working on implementing an SSO cross domain and have chosen a CA SiteMinder Cookie Provider advance.
I have a question about CA SiteMinder Cookie provider configuration:
- We have an ca sso in one domain ".d1.fr". The SSO in ".d1.fr" is working fine.
- We want to implement an SSO between ".d1.fr" and 2 new domains: ".d2.fr" and ".d3.com"
We have follow the documentation of cookie provider configuration: Configure Web Agent Single Sign-On Settings - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation.
In this use case the cookie provider domain is ".d1.fr".
We have configured ".d2.fr" as the following: A web agent running in a reverse proxy Apache (Linux redhat 6.8) in a new ACO. In this ACO we have the SmMakeCookie referenced as indicated in the previous documentation.
We have created an application "app1.d2.fr" protected by an webAgent in ".d2.fr".
When we try an access to "app1.d2.fr" we have the authentication scheme and are redirect to ".d1.fr" login page correctly. We are correctly authenticated in ".d1.fr" but we cannot access to "app1.d2.fr".
By checking the siteMinder smaccess log file, we have an AzReject for app1.d2.fr.
Have you any idea about this use case ?
Thank you for your help.