We recently made numerous experimental ACO configuration changes for the Federation Services Domain ACO to test inbound SAML SSO authentication, and we are now noticing that the web agent for the federation services domain will only create the SMSESSION cookie for the primary domain.
The Apache web server for the Federation Services has three domains:
domain 1 = abc.com
domain 2 = def.com
domain 3 = xyz.com
Users POST the SAML assertion to https://fedsvc.abc.com/affwebservices/saml2/consumerservices and, after successful SAML authentication, the web agent creates the SMSESSION cookie for the .abc.com domain. But now, when users POST the SAML assertion to https://fedsvc.xyz.com/affwebservices/saml2/consumerservices, then after successful SAML authentication, instead of creating the .xyz.com SMSESSION cookie, it still creates the .abc.com domain cookie.
I tried playing around with the "CookieDomain" ACO parameters but this did not seem to make any difference.
I much appreciate your help, as always!