Federation Security Services GuideTroubleshootingGeneral Issues › Cookie Domain Mismatch Errors

Previous Topic: Web Agent Option Pack Fails to Initialize Due to Invalid smjavaagent.dll

Next Topic: Error After Successful Authentication at Consumer/SP

Cookie Domain Mismatch Errors

Symptom:

After successful SAML authentication at consumer/SP site, user is still challenged by consumer/SP Web Agent because of cookie domain mismatch.

Solution:

Ensure that the producer/IdP and consumer/SP are not in the same cookie domain -- Federation Security Services does not support federation within the same cookie domain; it requires the use of separate cookie domains at the producer/IdP and consumer/SP sites. Additionally, you should ensure that the CookieDomainScope Web Agent parameter is set to the appropriate value for your environment (see information about single sign-on in the SiteMinder Web Agent Configuration Guide.

If separate cookie domains are in use, ensure that the cookie domain specified in the Agent configuration matches the domain name specified in the requested target URL.

Copyright © 2010 CA. All rights reserved. Email CA about this topic