Symantec Access Management

 View Only

Tech Tip : CA Single Sign-On : With a SSO login to Spectrum established a SSO connect to CAPC re-challenges when it should not. 

  • 1.  Tech Tip : CA Single Sign-On : With a SSO login to Spectrum established a SSO connect to CAPC re-challenges when it should not. 

    Broadcom Employee
    Posted Jun 26, 2018 09:52 AM

    Issue:


    We're running SPS, when a user tries to access Spectrum Portal with an
    existing session created in SOI application, the SPS request the
    user to login again.

    We'd like to get the user to login automatically.

    The logs shows :

    2. [06/08/2018][18:29:34][6594][107916144][ce118406-d218601c-6c4c0407-
    0d752d5c-e4c679ea-16][CSmHttpPlugin::ProcessResource][Resolved
    URL:
    '/affwebservices/redirectjsp/redirect.jsp?SAMLRequest=fZFda8MgGIX%2
    FSvA%2BatKSGKkpZaVQ6G76sYvdDGPsGpZo5mu6%2FfxJ2m4dg10Iip5z3vM4m392bX
    TWDhprBEowRZE2ytaNeRXosF%2FFDM3LGciuTXu%2BGPzJbPX7oMFHQWiAX24EGpzhV
    kID3MhOA%2FeK7xaPG55iyntnvVW2RdECQDsfoh6sgaHTbqfduVH6sN0IdPK%2B54T0
    SpvY1zFNOJuwhABYMqaQQxB%2FO1yVKFqGYRoj%2FVjgjwf2Ne4ANy3gN2U7HBZntKB
    EHo8fuoKLC5B%2BqNpGXYJCIopW1ik9FhboKFsISeulQC95USW5YkXK6KTKsyxsapYV
    eZamesqqaXgGMOi1AS%2BNFyilCYtpFlO2T3KeMj4p8DSjzyh6ulEPjNCVMR%2FF7h7
    u%2F2zljQcqf0rPyL1ZeT3%2B%2Fr%2FyCw%3D%3D&RelayState=SsoProductCode
    %3Dpc%26SsoRedirectUrl%3Dhttp%3A%2F%2Fmyserver.mydomain.com%2Fmyapp
    %26SMPORTALURL%3Dhttp%3A%2F%2Fmyserver.mydomain.com%2Faffwebservice
    s%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=14fd1531-15237ed5-29403a96-
    5f38e1c6-c5c3e37c-04e'.]

    3. [06/08/2018][18:29:34][6594][107916144][ce118406-d218601c-6c4c0407-0d
    752d5c-e4c679ea-16][CSmHttpPlugin::ProcessSessionCookie][SMSESSION
    cookie is custom from a third party and not accepted.]

    How can we solve this ?

     

    Environment

     

    Siteminder Policy Server version 12.52 SP1 on Win2008R2SP1;
    CAPC 3.2 and SPS 12.52 on Linux6.9;

     

    Resolution:

     

    On Agent ACO "MySPS" for Agent "sps" define

    Configure Support for SDK Third-Party Cookies

    AcceptTPCookie=yes

    instead of

    #AcceptTPCookie=yes

    and restart the CA Access Gateway (SPS);

     

    KB : KB000101511