FWS Agent generates new Siteminder Session Cookie

Document ID : KB000046168
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

Upon upgrading Federation Gateway (SPS/ WAOP/ Federation Manager) from R12.5 to R12.52 release, notice new Siteminder Session cookie is generated by FWS Agent.

 

Environment:

Apply to R12.51, R12.52 SPS/ WAOP/ Federation Manager.

 

Cause:

Starting from R12.51 release, FWS Agent generates new Siteminder Session Cookie after validating existing session cookie successfully.

 

[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][Validating input...]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][Creating the smsession cookie for SP domain [CHECKPOINT = SSO_SMSESSIONFORSPDOMAIN_REQ]]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][Recived valid input. Attempting to create SESSION cookie.]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][session id is: /aaacaUi9lUagDH0dzMusCfdzsw=]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-aa][FWSBase.java][createSessionCookie][About to create SESSION cookie.]
[07/26/2016][14:18:30][5158][819177216][aa0f058d-db896087-989afade-0ae9ff38-bff7510a-a][FWSBase.java][createSessionCookie][Placing smsession in browser [CHECKPOINT = SSO_PLACESMSSESSIONTOBROWSER_REQ]]

 

FWS Agent can reference Agent Config Object that differs from the frontend webagent. The following parameters are applicable to FWS Agent:

  • DefaultAgentName
  • TransientIDCookies
  • AcceptTPCookie
  • TransientIPCheck
  • CookieDomain
  • CookieDomainScope
  • SSOZoneName
  • SSOTrustedZone
  • FedDeploymentMode
  • FedSmConnectorEnabled
  • UseSecureCookies

 

Resolution:

 

Ensure that the session cookie generated by FWS Agent matches the criteria (cookie domain, secure flag) for single sign-on.