Symantec Access Management

 View Only
  • 1.  CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 15, 2018 02:38 AM

    Hi,

     

    I am working on setting up of new Siteminder platform. While testing an application with the basic authentication scheme, I am getting the below error

    “Missing required cookies, exiting”

     

    May I know how to troubleshoot this? I feel it is because of ACO settings and tried verifying the same.

    PFB ACO settings.

    RequireCookies=yes

    EnableCookieProvider=no

    CookieDomain=.abc.xyz

    CookieDomainScope=2

     

    Thanks.

     

    Regards,

    Dhilip

     

     

     



  • 2.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 15, 2018 02:45 AM

    Hi Dliip, 

     

    Can you try accessing the application with FQDN and check if you are able to access the application, 

     

    Regards,

    Ram



  • 3.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 15, 2018 05:16 AM

    Hi Ram,

     

    Thanks for your quick response. Yes, you are correct. Getting the expected behavior on launching the application with FQDN.

     

    I remember that we can get the expected behavior(accessing application with localhost) using multi values in agent name parameter of ACO. I used the below syntax

    <agent_name(which should be used)>, <server_name/localhost/VIP/IP>:<port_number(if applicable)>

     

    But I am not getting the expected behavior. Do I need to make any other changes?

     

    Thanks.

     

    Regards,

    Dhilip



  • 4.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 15, 2018 02:46 AM

    Hi Dhilip,

     

    Check the value of ACO parameter - requirecookies 

     

    Set requirecookies=No and test.

     

    Refer : SiteMinder Browser Cookies - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

     

    Regards,

    Leo Joseph.



  • 5.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 15, 2018 12:20 PM

    This should work with RequireCookies=YES.



  • 6.  Re: CA SSO : How to resolve "Missing required cookies, exiting"
    Best Answer

    Posted Feb 19, 2018 01:23 AM

    You have invalid configuration.

    You have set "CookieDomain=.abc.xyz"

    So, if even if you access resource using local host http://localhost/resource, web agent is going to set the cookie domain for the SMSESSION cookie to .abc.xyz.

     

    This cookie is NOT submitted by the browser when you then access http://localhost.

    You will need to have HOST only cookie for this to work.

    So , try commenting CookieDomain and CookieDomainScope params.

     

    You can verify this from fiddler.



  • 7.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 19, 2018 02:17 AM

    Hi Ujwol,

     

    Thanks for your response. I agree with your point.

     

    But, I remember that we were getting the expected behavior (protecting the application with server_name/VIP/IP/localhost) without commenting out CookieDomain/CookieDomainScope (while I was working in my previous organization). I am not sure if any server configurations were performed (we were using IIS webserver) but we were using multivalue for agent parameters(localhost is one among those). Currently, I am using apache webserver(in Windows OS), I hope this behavior is irrespective of webserver.

     

    1. I noticed the below lines in your response, I didn't understand clearly. Does this mean, we are using this agent to protect the application only using localhost?

          <<

          You will need to have HOST only cookie for this to work.

          >>

     

    2. Is there a way to achieve the expected behavior without commenting out CookieDomain/CookieDomainScope?

     

    Thanks.

     

    Regards,

    Dhilip



  • 8.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 19, 2018 05:30 AM
    Try 

    ForceCookieDomain=yes

    ForceFQHost=yes




  • 9.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 20, 2018 04:16 AM

    Hi Ujwol,

     

    I think ForceCookieDomain and ForceFQHost will be handy only if we use short name of the server (instead of FQDN) as I could see that localhost is getting redirected to localhost followed by domain name (In this case, localhost.abc.xyz) resulting in 'Page cannot be displayed'.

     

    Thanks.

     

    Regards,

    Dhilip



  • 10.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 20, 2018 04:27 AM

    Then you are out of luck.



  • 11.  Re: CA SSO : How to resolve "Missing required cookies, exiting"

    Posted Feb 20, 2018 05:08 AM

    Haha...  But, I am sure that it is possible to protect the application using localhost/IP/VIP/short name of the server/FQDN of the server as I have tested this configuration before but not sure about how it was implemented.

     

    Regards,

    Dhilip