VIP (Validation ID Protection)

  • Private Community
 View Only

Back to discussions
Expand all | Collapse all

SiteMinder & VIP Integration: 500 Error caused by Browser Extensions (SMAUTHCHAIN cookie missing)

  • 1.  SiteMinder & VIP Integration: 500 Error caused by Browser Extensions (SMAUTHCHAIN cookie missing)

    Posted Feb 05, 2026 02:31 PM

    Hi everyone,

    I am facing a strange issue with a SiteMinder and Symantec VIP Service integration where we use VIP for 2FA.

    The Issue: We are encountering an HTTP 500 error immediately after the user accepts the VIP Push challenge. After extensive testing, we isolated the cause to specific browser extensions in Chrome and Edge (specifically Adobe Reader and Grammarly).

    • With extensions enabled: The authentication fails with a 500 error after the push.

    • With extensions disabled/Incognito mode: The authentication flow works perfectly.

    It appears these extensions might be interfering with the cookie flow or the HTTP headers during the handoff, specifically affecting the SMAUTHCHAIN cookie.

    Error Logs: In the logs, we see that the SMAUTHCHAIN cookie is seemingly not received or is considered expired precisely when the extensions are active:

    ------------------------
    [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][FWSBase.java][authenticateUser][Error - SMAUTHCHAIN cookie is either
    not received or expired.]
    • [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][BCTokenController.java][processFailedAuthentication][User authentication
    failed. Auth reason failure code: 0]
    • [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][BCTokenController.java][getRedirectUrlFromAttributes][Response Attributes:]
    • [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][BCTokenController.java][getRedirectUrlFromAttributes][Redirect URL from
    attributes : null]
    • [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][FWSBase.java][removeSmAuthchainCookie][Removing cookie:
    SMAUTHCHAIN]
    • [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][BCTokenController.java][processFailedAuthentication][Transaction with ID:
    6cyyyy2c-xxxxxxxxxxxxxxxxx-52f71c91-28e44fd3-
    xxxxxxxx5-8e6 failed. Reason: FWSB_USER_AUTHENTICATION_FAILED]
    • [02/04/2026][16:41:53][2xxx2][1399xxxxxxxx4528][6cyyyy2c-43d7-4adb-xxxxxxxx-xxxxxxxx5-
    8e6][BCTokenController.java][processFailedAuthentication][Ending the request
    processing with the HTTP response code: 500]
    ---------------------

    Question: Has anyone experienced browser extensions stripping or blocking the SMAUTHCHAIN cookie during the VIP Auth response? Are there any recommended headers or configuration settings in the Web Agent to prevent these extensions from inspecting/blocking this traffic?

    Any insights would be appreciated.

    Thanks.



    -------------------------------------------


  • 2.  RE: SiteMinder & VIP Integration: 500 Error caused by Browser Extensions (SMAUTHCHAIN cookie missing)

    Broadcom Employee
    Posted Feb 06, 2026 08:13 AM

    Hi Julian,

    Please open a support case so we can properly troubleshoot this issue with you.

    Best,

    Rob

    -------------------------------------------

    Original Message