Hi Hubert,
That is correct, the ACO involved in this SAML authentication scheme is the WAOP ACO and I had tried changing many parameters related to cookie domain. What's strange is that this used to work until recently. Previously our SAML IDP partners could post there SAML assertion to either of the three domains, which all resolves to the same Apache web server with the WAOP and the appropriate SMSESSION cookie domain would be created based on which domain that the IDP posted to.
Recently we had some application DNS changes with the sub-domain (changing from http://app.com to http://www.app.com) this change caused some cookie domain issues for these apps as they try to invoke the SAML outbound SSO and getting rejected by WAOP due to cookie domain scope so we played around with the ACO cookie domain parameters of the WAOP ACO which eventually resolve this issue but now the "inbound" SAML authentication seems like it is only tied to one specific cookie domain for the WAOP ACO.
Below is the ACO parameters for the WAOP. The ".regence.com" domain is the only SMSESSION cookie domain being created by this ACO:
#more agent.log
[9780/4110384016][Sat Jul 14 2018 17:40:59] SiteMinder APACHE 2.2 WebAgent, Version 12.52 QMR01, Update HF-05, Label 2112.
[9780/4110384016][Sat Jul 14 2018 17:40:59] FileVersion: 12.52.0105.2112.
[9780/4110384016][Sat Jul 14 2018 17:40:59]
[9780/4110384016][Sat Jul 14 2018 17:40:59] FIPS 140 Cryptographic Mode is 'non-FIPS (compatibility)'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] ***** Begin Configuration *******************************************
[9780/4110384016][Sat Jul 14 2018 17:40:59] agentconfigobject='vlslcsmf02_aco'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] allowcacheheaders='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] allowlocalconfig='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] badurlchars='//,./,/.,/*,*.,~,\,%00-%1f,%7f-%ff,%25'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] cacheanonymous='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] cccext='.ccc'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] constructfullpwsvcurl='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] cookiedomain='.regence.com'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] cookiedomain='.asuris.com'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] cookiedomain='.bridgespanhealth.com'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] cookiedomainscope='0'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] csschecking='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] decodequerydata='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] defaultagentname='vlslcsmf02'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] disableauthsrcvars='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] disabledotdotrule='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] disablesessionvars='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] disableusernamevars='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] enableauditing='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] enablemonitoring='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] enablewebagent='YES'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] enforcepolicies='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] fcccompatmode='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] fccext='.fcc'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] getportfromheaders='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] hostconfigfile='/usr/pservices/ca/siteminder/webagent/config/SmHost.conf'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] httpsports='20001'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] ignoreext='.class,.gif,.jpg,.jpeg,.png,.fcc,.scc,.sfcc,.ccc,.ntc'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] ignorequerydata='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] legacyvariables='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] loadplugin='/usr/pservices/ca/siteminder/webagent/bin/libHttpPlugin.so'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] logappend='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] logfile='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] logfilename='/usr/pservices/ers/servers/smfss-stg/logs/agent.log'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] logfilesize='100'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] maxresourcecachesize='750'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] maxsessioncachesize='750'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] maxurlsize='4097'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] ntcext='.ntc'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] overrideignoreextfilter=''.
[9780/4110384016][Sat Jul 14 2018 17:40:59] persistentcookies='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] persistentipcheck='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] proxyagent='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] proxytimeout='120'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] proxytrust='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] pspollinterval='30'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] requirecookies='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] resourcecachetimeout='600'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] sccext='.scc'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] serverpath='/usr/pservices/ers/servers/smfss-stg/conf'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] sessiongraceperiod='30'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] sessionupdateperiod='60'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] setremoteuser='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] sfccext='.sfcc'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] ssotrustedzone='PPMOSM'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] targetasrelativeuri='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] traceappend='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] traceconfigfile='/usr/pservices/ca/siteminder/webagent/config/WebAgentTrace.conf'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] tracefile='yes'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] tracefilename='/usr/pservices/ers/servers/smfss-stg/logs/agenttrace.log'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] tracefilesize='100'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] transientidcookies='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] transientipcheck='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] useanonaccess='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] usesecurecookies='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] usesecurecpcookies='no'.
[9780/4110384016][Sat Jul 14 2018 17:40:59]
[9780/4110384016][Sat Jul 14 2018 17:40:59] SiteMinder Agent API Host Configuration:
[9780/4110384016][Sat Jul 14 2018 17:40:59]
[9780/4110384016][Sat Jul 14 2018 17:40:59] enablefailover='NO'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] hostname='vlslcsmf02.regence.com'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] maxsocketsperport='20'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] minsocketsperport='2'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] newsocketstep='2'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] policyserver='vlslccasso02.regence.com,44441,44442,44443'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] policyserver='vlslccasso03.regence.com,44441,44442,44443'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] requesttimeout='60'.
[9780/4110384016][Sat Jul 14 2018 17:40:59] ***** End Configuration *********************************************
[9780/4110384016][Sat Jul 14 2018 17:40:59]
[9780/4110384016][Sat Jul 14 2018 17:40:59][LLAWPLogQ.cpp:661][INFO][sm-AgentFramework-00590] LLAWP: Logging initialized.
[9780/4110384016][Sat Jul 14 2018 17:40:59][LLAWPLogQ.cpp:676][INFO][sm-AgentFramework-00630] LLAWP: Tracing initialized.
[9780/4136671456][Sat Jul 14 2018 17:40:59][LLAWorkerProcess.cpp:1552][INFO][sm-AgentFramework-00680] LLAWP: Initialization complete.
[9780/4087348112][Sat Jul 14 2018 17:40:59][LLAWPMsgBus.cpp:419][INFO][sm-AgentFramework-00660] LLAWP: Message bus initialized.