Layer7 Access Management

Expand all | Collapse all

domain

Jump to Best Answer
  • 1.  domain

    Posted 11-30-2017 03:53 PM

    Hi There,

    After authentication with siteminder, I see two SMSESSIONs one is with .mydmn.com and another with www.test.mydmn.com in the broswer.I am just looking to have only one smcookie with .mydmn.com.

    However, i have mentioned the cookiedomain name as .mydmn.com and domain scope as 2 in aco.Please advice.



  • 2.  Re: domain

    Posted 11-30-2017 06:12 PM

    Are there two different agents involved ? One for protecting the resource ..and another for login ?

    Do you have cookiedomainscope/cookiedomainname set to same value in both the agent ?

     

    If not, agent trace log with the fiddler would be required to be analyzed.



  • 3.  Re: domain

    Posted 11-30-2017 06:25 PM

    Only one agent and one aco involved.In that aco i had domainname as .mydmn.com and domainscope-2.For instance my url look alike http://test.mydmn.com/protectedresouce . Due to some reason I see two cookies one with domain .mydmn.com and another is test.mydmn.com.



  • 4.  Re: domain

    Posted 11-30-2017 06:31 PM

    can u attach agent trace and fiddler log for review?

     

    Sent from my iPhone



  • 5.  Re: domain

    Posted 11-30-2017 06:41 PM

    I don't see any attachment icon here to attach it.



  • 6.  Re: domain

    Posted 11-30-2017 06:46 PM

    You will need to change to advanced edit mode to be able to attach

     

    Sent from my iPhone



  • 7.  Re: domain
    Best Answer

    Posted 12-03-2017 11:08 PM

    Hi Sharath,

     

    How did you go with this?
    Last time I checked, you indeed have different agent instance for target (agent protecting resource) and the login (agent doing the login) agents.

     

    I asked you to match cookiedomain & cookiedomainscop for both of these agent and test.


    Let me know if you need help.

     

    Regards,

    Ujwol



  • 8.  Re: domain

    Posted 12-11-2017 11:22 AM

    Hi  Sharathbabu,

     

    Please refer to the following Knowledge Base Article witch explains how Web Agents determine the Cookie Domain for a request;

     

     

    How is the resolved Cookie Domain determined for a Single Sign On (fka SiteMinder) Agent? 

     

    It sounds like the user is accessing two different Agents with different settings for the CookieDomain and CookieDoaminScope settings, so the user is getting cookies set in two different Domains. Fiddler is a good tool to determine where the cookies are being set.

     

    Hope this helps,

     

    Rick