Configuring a Cookie Provider, once user has logged in first domain, it's asked to enter credentials for the second domain again.

Document ID : KB000008769
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We're running 2 Web Agents, when the browser tries to access a URL in the domain ".myhost.mydomain.myservice" after having been authenticated in domain ".myhost.myspecialdomain.com", then the user needs to provide credentials again, and we would expect it to be automatically logged in and perform SSO. 

The SMSESSION cookie for the Cookie Provider domain .myhost.mydomain.myservice is not getting created before going to the protected resource on ".myhost.myspecialdomain.com" 

How can we solve this issue ?

Environment:
Policy Server R12.52 SP1
Resolution:

The Cookie Provider had the ACO Parameter limitcookieprovider set to YES. This means that the Cookie Provider won't create any cookie for the cookie provider domain.

 

To solve the issue, you need to set the limitcookieprovider to NO on the Cookie Provider.

 

Sample of the configuration :

 

Cookie Provider 

 

http://host-U203313.myhost.mydomain.myservice/protected/index.html 

 

[18648/2428991232][Mon Sep 11 2017 16:18:34] cookiedomain=''. 

[18648/2428991232][Mon Sep 11 2017 16:18:34] cookiedomainscope='0'. 

[18648/2428991232][Mon Sep 11 2017 16:18:34] enablecookieprovider='yes'. 

[18648/2428991232][Mon Sep 11 2017 16:18:34] limitcookieprovider='no'. 

[18648/2428991232][Mon Sep 11 2017 16:18:34] trackcpsessiondomain='yes'. 

[18648/2428991232][Mon Sep 11 2017 16:18:34] tracksessiondomain='yes'. 

 

Agent 

 

http://host-U203312.myhost.myspecialdomain.com/protected/index.html 

 

[14869/738195200][Mon Sep 11 2017 16:18:34] cookiedomain='.myhost.myspecialdomain.com'. 

[14869/738195200][Mon Sep 11 2017 16:18:34] cookiedomainscope='0'. 

[14869/738195200][Mon Sep 11 2017 16:18:34] cookieprovider='https://host-u203313.myhost.myspecialdomain.com/SmMakeCookie.ccc'. 

[14869/738195200][Mon Sep 11 2017 16:18:34] enablecookieprovider='no'. 

[14869/738195200][Mon Sep 11 2017 16:18:34] limitcookieprovider='no'. 

[14869/738195200][Mon Sep 11 2017 16:18:34] tracksessiondomain='yes'.