Symantec Access Management


Target is not in the cookie domain while using relay state parameter in IDP initiated Federation


    Posted Oct 20, 2020 11:51 AM
    Hello All,
    We have a federation partnership between A.com (Okta) and B.com (SiteMinder).
    On B.com (SiteMinder), we have a cookie provider configuration where C.com is trusting cookies from B.com. That is, B.com is acting as a cookie provider, and we have a CA web agent on C.com.
    When I just access C.com, it gets the SiteMinder login page (from the cookie provider) and we get access.


    However, in the federation configuration, on the IDP side (Okta) we are giving the relay state parameter as the C.com URL, and on the SP side (SiteMinder partnership) we are checking the checkbox so that relay state overrides the target URL.

    When we are not using the RelayState parameter (either blank on the IDP or not checking "RelayState overrides Target" in the SP partnership), it is working fine.

    But with relay state enabled, it's failing with an error in the FWSTrace logs as invalid cookie domains.

    Below is the error message:
    FWSBase.java][validateTarget][Target: https://dev.apps.abc.com/ is not in the CookieDomain: .xyz.com]
    [AssertionConsumer.java][getRealmForTarget][Can not redirect to a target - https://dev.apps.abc.com/ outside the local Cookie Domain.]
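
The FWSTrace lines above report that the RelayState target host is outside the local cookie domain. As an added illustration (not SiteMinder's code and not part of the original post), this Python example shows a dot-boundary host check of that kind, using the target and cookie domain from the log. The function names are hypothetical, and every host other than the one in the log is constructed.

```python
from urllib.parse import urlsplit


def host_in_cookie_domain(host, cookie_domain):
    """True when host equals the cookie domain or is a subdomain of it.

    The comparison is made on a label boundary, so "evilxyz.com" does not
    match ".xyz.com" even though it ends with the same characters.
    """
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if not host or not domain:
        return False
    return host == domain or host.endswith("." + domain)


def validate_target(target, cookie_domain):
    """Return (ok, reason) for a RelayState/target URL (hypothetical helper)."""
    try:
        parts = urlsplit(target)
        host = parts.hostname  # userinfo and port are already stripped here
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https") or not host:
        return False, "not an absolute http(s) URL"
    if host_in_cookie_domain(host, cookie_domain):
        return True, f"{host} is in the cookie domain {cookie_domain}"
    return False, f"{host} is not in the cookie domain {cookie_domain}"


if __name__ == "__main__":
    cookie_domain = ".xyz.com"  # from the FWSTrace line
    samples = [
        "https://dev.apps.abc.com/",                  # target from the log
        "https://portal.xyz.com/app",                 # constructed: in domain
        "https://evilxyz.com/",                       # constructed: suffix only
        "https://xyz.com.evil.example/",              # constructed: prefix only
        "https://portal.xyz.com@dev.apps.abc.com/",   # constructed: userinfo
        "//dev.apps.abc.com/",                        # constructed: no scheme
    ]
    for url in samples:
        ok, reason = validate_target(url, cookie_domain)
        print("ALLOW" if ok else "DENY ", url, "->", reason)
```

Run against the log's values, the target `https://dev.apps.abc.com/` is denied for `.xyz.com`, which matches the reported message; a check like this on RelayState also keeps the assertion consumer from being used as an open redirector.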