CA SSO (Previously Siteminder) uses the SMSESSION cookie in the browser session for SSO. The browser cannot be configured to reject third party cookies. If the browser does not allow third party cookies, then SSO will fail. In a browser trace you would see the Response include the SMSESSION cookie, however in the next GET, the cookie is not present in the GET. The Web Agent would redirect the user back to the credential collector and a login loop would ensue.
1) Launch Google Chrome
2) Open Settings
3) 'Click on "Show Advanced Settings"
4) Scroll down to "Privacy"
5) 'Click' on the "Content Settings" button
6) Make sure the "Block third-party cookies and site data" is NOT CHECKED
Was this information helpful?