Hi,
Are you guys able to fix this issue? I am getting the same error.
FWSTrace.log
[06/20/2020][00:34:42][44138][140318359791360][2353ed7a-77800f6d-6da7223d-e1c7dbb9-cc259d1b-c40][FWSBase.java][isSessionIdle][Verifying validity of session cookie [DEVSMSESSION] retrieved]
[06/20/2020][00:34:42][44138][140318359791360][2353ed7a-77800f6d-6da7223d-e1c7dbb9-cc259d1b-c40][FWSBase.java][isSessionIdle][returning true]
[06/20/2020][00:34:42][44138][140318359791360][2353ed7a-77800f6d-6da7223d-e1c7dbb9-cc259d1b-c40][FWSBase.java][isValidSession][Session is Idle]
[06/20/2020][00:34:42][44138][140318359791360][2353ed7a-77800f6d-6da7223d-e1c7dbb9-cc259d1b-c40][SSO.java][processRequest][Force Authn is disabled.]
[06/20/2020][00:34:42][44138][140318359791360][2353ed7a-77800f6d-6da7223d-e1c7dbb9-cc259d1b-c40][SSO.java][processRequest][Current session state is: false]
[06/20/2020][00:34:42][44138][140318359791360][2353ed7a-77800f6d-6da7223d-e1c7dbb9-cc259d1b-c40][SSO.java][processRequest][Current session is not a valid session.]
affwebserv.log
[44138/140318359791360][Sat Jun 20 2020 00:34:42][isSessionIdle][ERROR][sm-FedClient-01570] SAML2 Request contains too many SERVERSESSIONID headers. Session is considered invalid and user must relogin. Service encounters the following error while processing request: {1}.
------------------------------
Solutions Architect
1Worldsync
------------------------------
Original Message:
Sent: 12-30-2019 02:34 AM
From: Patrick Dussault
Subject: Re: Tech Tip: CA Single Sign-On :: Set 'DisableSessionVars = NO' for Single Sign-On SAML
Hi Hugo and Naveen,
This looping might occur if the Authentication URL for your Federation
journey is not protected.
Request Looping Between Authentication URL and Federation URL
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=75133
Federation IdP initiated transaction entering in a redirection loop
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=6225
I hope this helps,
I wish you an Happy New Year 2020, for you all and your families !
Best Regards,
Patrick
Original Message:
Sent: 12-27-2019 09:27 AM
From: Hugo Higashi
Subject: Re: Tech Tip: CA Single Sign-On :: Set 'DisableSessionVars = NO' for Single Sign-On SAML
Hi Naveen
Did you get this issue resolved? I am getting the same error and behavior. It seems I am getting a kind of loop of redirects.
I am getting the same messages on FWSTrace.log file and my configurations (DisableSessionVars = no and ignoreurl is completely commented out) are the same as yours.
I hope you can still remember what you did in the past.
Regards
Hugo
Original Message:
Sent: 05-30-2018 12:49 PM
From: Naveen
Subject: Re: Tech Tip: CA Single Sign-On :: Set 'DisableSessionVars = NO' for Single Sign-On SAML
Hey Sharana,
we are using siteminder web agent option 12.52 SP1 CR05 and policy server 12.52 SP1 CR06 and both running on RHEL 6.x operating system. As recommended we made the change DisableSessionVars = no and ignoreurl is completely commented out. But we are still getting the following error.
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isSessionIdle][Request doesn't contain session ID header. Session cookie[SMSESSION]is not valid.]
FWSTrace.log
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processRequest][RealmOID: 06-0004ef14-af78-17f2-83d8-11180a5640d7]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processRequest][Request to validate the session [CHECKPOINT = SSOSAML2_SESSIONCOOKIEVALIDATE_REQ]]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: dtPC]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1$97702640_273h-vJDJMBSOOEFEBWINIOPBPFMBHGKCNENHM]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: dtSa]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: -]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: dtLatC]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 2]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: SMSESSION]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: uKFpRlJ/u1kg+ynTJNSqIrPsLf3xg0gXgY41oEAUkRz04AX9aCKAYlP6AGZh86YB1YAjX5nYp6neH3QqQsaKI0o4IYNdByTG9RFGL+MkisvbbKgERHgM5HXHBmrLmjBfXI131CFmX9QdyIAHgYwDuZv2To0GScdr0RKCLbS6/drwM+zY0BTL5qdb7PkZTuD1gzrnrHSWjD11JTcGA//U2Vk/HqmWpmYDh6npAvH5H+m3dhqCjp3EHoUwM6mgp+5+VttbeuviBRpEz6pZjnTXgWz70pEzVeSHG7z24NH2x8vAguLhPN0LWKyFstQPz/ZRdhao8n9bu4QpUfZfROF53ZxIeTT2g77rXiPsx8a2j+DPJJZv14B2QZMQln6lF40GPq9wuR/L+06adS7/JvCIfr9ykCY+vxTzA5PwxhsJFb9iixJcx5MPv7aC91I4gPd0/LTj4YNEiCFM3pmzVoUSuB258M8AFHvceysetD189gfMNXXqmpIpdVWWWCT+2MowucDMIiZlZhTwfZB3Vw77ANpppkCV2vA0qNV8QGopTr/GTKKJdcNL39wTQyEvWcMp+G2+LnZmj+Bn2xjeGvkDOkb1lLDIsmN/c3JCHJhLbMwk5f6Mu3ZnJV1i7id5gcxR1HtOHh91gl2k4vLRI7WqbggsvRzVb5DUSujB8Yhux1T4kVvC0p9E9rnaiNqQjcuMssMEB+4wWx/XhNT0smn2MHN1Oua0VORnZOIBSr7I8GNTwdKjspXH0wE5aRkwICwcU1syPeR+zgX/MyeN0cfYEbuedt5f0l9O/gwm8nQd1JJrmjYF8M3SvP+R99qJHf6QKOYsdt4qLAMuXcpE7BbTJ23yHvNqyzZMK/0AWx8alQnG5Cgm6MsEjHUVVANeH1AYQqxh+YNr6tbcCvKQudcZVS35fy7TWOuCqFBcKDJC48+hRwN6KFCDrT/4i6mMUdznKhGaRSyHszbWRrq04Caeo6ID0bNkszTFrveEDh0o9VP6TGicVwTD6WUcRkmQTZnEzuX+9uoC5m+KfkgxVsKVZqd3FCC46YYV+p11gHOhHdwQ6mPiXwErhos+q92wiYvo9r3eaykUa3DQhU4avyWgQ0ffsGt03WLDRZuZAaHCFEAHqNwLqvxI9kjuSWoI/P8NaZgRRg8LeNwpOCHRY+Ufsl+ZhIQAvrKAswmHs8Kz/+5OjOWpvGlRFQDm99jyBxoIAnw3so+5/7EowY0FMKB6qjFHVotxr8m2]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: rxvt]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1527699510087|1527697702671]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: dtCookie]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1$86CC7C994727F98B99882D3102386B15|mycompass.amfam.com|1|intaq80g.amfam.com|1]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: AMCV_5DBA123F5245B1E00A490D45%40AdobeOrg]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1406116232%7CMCIDTS%7C17666%7CMCMID%7C89057443310551560063826497744159277080%7CMCAAMLH-1526936312%7C7%7CMCAAMB-1526936312%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1526338711s%7CNONE%7CMCSYNCSOP%7C411-17673%7CMCAID%7C2D7CFC3B851D2E9B-60000136A0003817%7CvVersion%7C2.5.0]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: mbox]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: session#c0b0bbec662641e48ede8acc04076044#1526333374|PC#775642ed57bc447586ba5d8a64077fde.17_45#1589576314]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: s_nr]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1526331513278-New]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: __CT_Data]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: gpv]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: _CT_RS_]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: Recording]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: WRUIDAWS]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1740982087352601]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: rxVisitor]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: 1527697702660C51NCCA9EL950R8PDKUO1S2UNOD1QG6F]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie name: NSC_jouea25o-wjq-iuuq-80]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][(request cookie array) cookie value: ffffffff095e4f6045525d5f4f58455e445a4a423660]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][getSessionData][session cookie name: SMSESSION]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isValidSession][Found SESSION cookie: SMSESSION]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isValidSession][Trying to validate using SMSESSION cookie.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isValidSession][Session ID is: LLWE21CQV8+ERQEbsKw163uo/so=]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isValidSession][Session Spec is: QDqb+82nr7qi6WA8C7VgKsjuaRXmxtrUSBQqw608Cr6A5YOJOMD1Nj5bkttRMKPglZ4nY6en2/jKkL4+TFABNKF3Eet8qVLpwjskmO3w6DULTxfLeDzDIAPC/CEsGzRAcLugWIcE8+NZ8bCC1SxrpBZGmVnxbak4g2OhOh9dF3B159Ih9JAMIvSK+74kd2FS/0LLkTyN3vHkQ0pGSWfEjjF9EoUsZfU1FHEPaokGXBPNkKRnxvy0dgVrZXqT2Kk5nkfX2xvKv58bjB7B+sLZLtj9GjBdS9LKvscjbLfNfaa7z2attz+OmtNUOMItqOaPG0TJotHdt1Gm3b57tiF4SXEply0NmqwmPBRZQ7jpsTK6urBvnZo2gYAy0CpLjeE2mGlv7ELDgwXXMMUCt3V7VU/avpQPExoHNqZv1z09vbvttILVATO+7AyA6eo9LaC5DjRIfOf1a/4LwQqHxi+xhSsMFYUAfp7UagqoDzpEMuh8YJ5onxU0uKOkGgtr0kLO]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isSessionIdle][Verifying validity of session cookie [SMSESSION] retrieved]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isSessionIdle][Request doesn't contain session ID header. Session cookie[SMSESSION]is not valid.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isSessionIdle][returning true]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][FWSBase.java][isValidSession][Session is Idle]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processRequest][Force Authn is disabled.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processRequest][Current session state is: false]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processRequest][Current session is not a valid session.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processRequest][Session cookie does not exists. redirecting to authentication url [CHECKPOINT = SSOSAML2_AUTHENTICATIONURL_REDIRECT]]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][getLocalServiceURL][Enter getLocalServiceURL]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][getLocalServiceURL][Using Proxy URL for local SSO service: http://example.com/affwebservices/public/saml2sso]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processAuthentication][Not using secure authentication URL.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processAuthentication][SAMLTransactionID 1a8bfc18-e0b94a74-1e59e128-77e609d9-797b24aa-e9c maps to TransactionID: 1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2.]
[05/30/2018][11:28:30][72242][2577520384][1634bae6-f3610516-4de00ce8-5c290c12-7a4eeb43-2][SSO.java][processAuthentication][SAML2 Single Sign-On Service redirecting to authentication URL: https://example-iwa.com/samlredirect/redirect.asp?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SPID=https://sp.com/DP/SSO/SAML/DPAssertionConsumerService.aspx&SAMLTRANSACTIONID=30cd6da6-f5e5880c-a35318a9-56b36fca-0ea3c4e4-ea&SAMLTRANSACTIONID=80466740-523734cf-6bfab3ab-8b3b0cfe-ae1b791d-92&SAMLTRANSACTIONID=1388d44e-a3ef8a7e-ee0345d6-3ebcdc8d-70417b8f-6a0&SAMLTRANSACTIONID=1fb51037-a5fa92a9-1ae27da4-734c7cdf-b49f7d63-2bf&SAMLTRANSACTIONID=155e5fb3-4c58a8a5-5a51b729-0e630e07-396c5676-e8d&SAMLTRANSACTIONID=163b58f3-b6056124-b32b9544-e2abc0c0-6bc6268b-52&SAMLTRANSACTIONID=79ecf353-3ceb39a1-f2677cba-2267f5e7-51e0941f-f&SAMLTRANSACTIONID=12a0219b-8554908a-bc8ad10d-97716e32-7d42aa22-43&SAMLTRANSACTIONID=23b00c75-1e2dc169-af2adb59-bcd6d6ac-9f1ddadd-843&SAMLTRANSACTIONID=c65f79de-80e760c3-acfb63ff-89c0aea4-35a882c9-7&SAMLTRANSACTIONID=38581f1d-9649c9a0-bf23f8e4-04e498a8-b48a117f-92&SAMLTRANSACTIONID=3239e4f0-fa037e06-49e0eab3-28d758e4-62298001-4&SAMLTRANSACTIONID=85bbf758-29d72704-23e61b38-0f488663-c6033fd8-d2&SAMLTRANSACTIONID=d23955af-c42f236d-de343b74-986840ed-0dd1f8a6-2&SAMLTRANSACTIONID=54df9f9e-73b00814-fbb35dca-3e35c0e4-84d427a3-c8&SAMLTRANSACTIONID=20a16b10-dd210a01-b4f05717-420f5c94-ef9eecb0-52&SAMLTRANSACTIONID=104a9604-84afa3cf-4070c82b-90475239-cabe56ef-75&SAMLTRANSACTIONID=419b35c2-50cc24fd-374c4b7c-929c2006-23268416-53&SAMLTRANSACTIONID=15369c19-2f8b61cd-529acae6-f9e86a1d-0e0e46b7-a5&SAMLTRANSACTIONID=4c85c9df-7ad96335-a3f13015-892f8bc4-f2fd388b-2&SMPORTALURL=http%3A%2F%2Fexample.com%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=1a8bfc18-e0b94a74-1e59e128-77e609d9-797b24aa-e9c.]
Any help is greatly appreciated.
Thank you,
Naveen