Symptom:
After successful SAML authentication at the consumer/SP site, the consumer/SP Web Agent still challenges the user because of a cookie domain mismatch.
Solution:
Verify that the producer/IdP and consumer/SP are not in the same cookie domain. Legacy federation does not support federation within the same cookie domain. Separate cookie domains are required at the producer/IdP and consumer/SP sites. Additionally, verify that the CookieDomainScope parameter is set to the appropriate value for your environment. This parameter is a Web Agent parameter (see the information about single sign-on in the SOA Security Manager Web Agent Configuration Guide).
If separate cookie domains are in use, verify that the cookie domain in the Agent configuration matches the domain name in the requested target URL.
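The two checks above can be scripted once the cookie domain values have been read from each site's Agent configuration. The following is an added example, not code from the product or its documentation; the function names, finding labels, and hostnames are hypothetical, and it assumes that a parent/child overlap between the two cookie domains counts as "the same cookie domain".

```python
import ipaddress
from urllib.parse import urlsplit

def _norm(domain):
    # Cookie domains are case-insensitive; a leading dot does not change matching.
    return domain.strip().lower().strip(".")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    host, cookie_domain = _norm(host), _norm(cookie_domain)
    if not host or not cookie_domain:
        return False
    if host == cookie_domain:
        return True
    # Suffix matching never applies to IP-address hosts.
    return not _is_ip(host) and host.endswith("." + cookie_domain)

def check_cookie_domains(idp_url, sp_target_url, idp_cookie_domain, sp_cookie_domain):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    idp_host = urlsplit(idp_url).hostname or ""
    sp_host = urlsplit(sp_target_url).hostname or ""
    idp_dom, sp_dom = _norm(idp_cookie_domain), _norm(sp_cookie_domain)
    # Check 1: the sites must not share a cookie domain. Assumption: a parent/child
    # overlap counts as shared, since cookies set for the parent reach the child.
    if (domain_match(idp_dom, sp_dom) or domain_match(sp_dom, idp_dom)
            or domain_match(idp_host, sp_dom) or domain_match(sp_host, idp_dom)):
        findings.append("SHARED_COOKIE_DOMAIN")
    # Check 2: the requested target must fall inside the SP agent's cookie domain.
    if not domain_match(sp_host, sp_dom):
        findings.append("SP_TARGET_OUTSIDE_COOKIE_DOMAIN")
    return findings

if __name__ == "__main__":
    # Constructed sample values: both sites configured with one shared domain.
    print(check_cookie_domains("https://login.corp.example/sso",
                               "https://app.corp.example/portal",
                               ".corp.example", ".corp.example"))
```
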
Copyright © 2011 CA. All rights reserved.