Hello,

I have recently been facing the issue above when trying to redirect any user from my Web Access Control infrastructure to my Web Access Management infrastructure in order to be authenticated with a higher authentication level.

In fact, the user first gets authenticated and then gets an SMSESSION with an authentication level of 5. After that, the user tries to access an application that needs a higher authentication level, so the user is redirected to the WAM infrastructure to get an SMSESSION cookie with a higher authentication level.

The problem is that after getting a SAML assertion between the WAM and the WAC infrastructure, we could easily generate the SMSESSION cookie in the federation domain. But whenever we had already generated a cookie in the WAC domain with an AuthentLevel of 5, our cookie provider does not modify the authentication level; it has only validated the session of the user. So we still have the SMSESSION with an authentication level of 5 and could not access the application, and then the authentication scheme is called back, so we went into an undetermined loop.

Could anyone help us with how to kill the SMSESSION cookie before going to the WAM infrastructure?

Policy Server Version : 12.5.0
WebAgent version : SiteMinder APACHE 2.2 WebAgent, Version 12.0 QMR03, Update HF-13, Label 950
To kill an SMSESSION cookie you just need to set a new cookie with the name SMSESSION and a value like "Logged Out", with / as the path and appropriate domain. That will overwrite the existing SMSESSION cookie with a value that the web agent will reject.
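
The overwrite described in the answer above, as an added example that is not part of the original posts: it builds the replacement `Set-Cookie` header and uses a simplified model of a browser cookie jar to show why the path and domain must match the existing cookie. The domain `.example.com` and the session token are constructed placeholders.

```python
from http.cookies import SimpleCookie

COOKIE_DOMAIN = ".example.com"   # assumption: placeholder for the agent's cookie domain
KILL_VALUE = "Logged Out"        # value quoted in the answer above


def kill_cookie_header(domain=COOKIE_DOMAIN, value=KILL_VALUE):
    """Return the Set-Cookie header value that replaces SMSESSION."""
    cookie = SimpleCookie()
    cookie["SMSESSION"] = value
    cookie["SMSESSION"]["path"] = "/"
    cookie["SMSESSION"]["domain"] = domain
    return cookie["SMSESSION"].OutputString()


def apply_set_cookie(jar, header):
    """Simplified browser cookie jar: entries are keyed by (name, domain, path),
    so a Set-Cookie replaces an entry only when all three match."""
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        domain = morsel["domain"].lstrip(".").lower()
        jar[(name, domain, morsel["path"] or "/")] = morsel.value
    return jar


def session_after(header):
    """Start from a constructed level-5 session cookie and apply one header."""
    jar = {("SMSESSION", "example.com", "/"): "constructed-level-5-token"}
    return apply_set_cookie(jar, header)


if __name__ == "__main__":
    print("Set-Cookie:", kill_cookie_header())
    # Matching domain and path: the old session value is replaced.
    print(session_after(kill_cookie_header()))
    # Different domain: the old session survives next to the new cookie.
    print(session_after(kill_cookie_header(domain="wac.example.com")))
```

If the header is sent with a domain or path that differs from the original cookie, the browser stores a second SMSESSION and keeps the level-5 one.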