AnsweredAssumed Answered

Webagent not creating correct SMSESSION cookie domain

Question asked by dmt953 on Jul 14, 2018
Latest reply on Jul 16, 2018 by Hubert Dennis

We recently made some numerous experimental ACO configuration changes for the Federation Services Domain ACO to test inbound SAML SSO authentication and now noticing that the web agent for the federation services domain will now only create SMSESSION cookie for the primary domain.

 

The Apache web server for the Federation Services has three domains:

 

domain 1= abc.com

domain 2 = def.com

domain 3 = xyz.com

 

Users POST SAML assertion to: https://fedsvc.abc.com/affwebservices/saml2/consumerservices  after successful SAML authentication, the web agent creates the SMSESSION cookie for .abc.com domain, but now when the users POST SAML assertion to:  https://fedsvc.xyz.com/affwebservices/saml2/consumerservices then after successful SAML authentication, instead of creating the .xyz.com SMSESSION cookie, it still create the .abc.com domain cookie.

 

I tried playing around with the "CookieDomain" ACO parameters but this did not seem to make any difference.

 

Much appreciate your help as always!

Outcomes