Layer7 Access Management

Expand all | Collapse all


Jump to Best Answer
  • 1.  domain

    Posted 11-30-2017 03:53 PM

    Hi There,

    After authentication with siteminder, I see two SMSESSIONs one is with and another with in the broswer.I am just looking to have only one smcookie with

    However, i have mentioned the cookiedomain name as and domain scope as 2 in aco.Please advice.

  • 2.  Re: domain

    Posted 11-30-2017 06:12 PM

    Are there two different agents involved ? One for protecting the resource ..and another for login ?

    Do you have cookiedomainscope/cookiedomainname set to same value in both the agent ?


    If not, agent trace log with the fiddler would be required to be analyzed.

  • 3.  Re: domain

    Posted 11-30-2017 06:25 PM

    Only one agent and one aco involved.In that aco i had domainname as and domainscope-2.For instance my url look alike . Due to some reason I see two cookies one with domain and another is

  • 4.  Re: domain

    Posted 11-30-2017 06:31 PM

    can u attach agent trace and fiddler log for review?


    Sent from my iPhone

  • 5.  Re: domain

    Posted 11-30-2017 06:41 PM

    I don't see any attachment icon here to attach it.

  • 6.  Re: domain

    Posted 11-30-2017 06:46 PM

    You will need to change to advanced edit mode to be able to attach


    Sent from my iPhone

  • 7.  Re: domain
    Best Answer

    Posted 12-03-2017 11:08 PM

    Hi Sharath,


    How did you go with this?
    Last time I checked, you indeed have different agent instance for target (agent protecting resource) and the login (agent doing the login) agents.


    I asked you to match cookiedomain & cookiedomainscop for both of these agent and test.

    Let me know if you need help.




  • 8.  Re: domain

    Posted 12-11-2017 11:22 AM

    Hi  Sharathbabu,


    Please refer to the following Knowledge Base Article witch explains how Web Agents determine the Cookie Domain for a request;



    How is the resolved Cookie Domain determined for a Single Sign On (fka SiteMinder) Agent? 


    It sounds like the user is accessing two different Agents with different settings for the CookieDomain and CookieDoaminScope settings, so the user is getting cookies set in two different Domains. Fiddler is a good tool to determine where the cookies are being set.


    Hope this helps,