Symantec Access Management

 View Only
  • 1.  SMSESSION cookie - resolved hostname does not match TARGETH

    Posted Sep 03, 2019 03:52 PM

    Hi Team,

    We are facing an issue with password warning / password about to expiry scenario.  Can you please have a look at the below details and provide your thoughts.

    1. Assume that the user's password expires every 30 days and the password expiry warning message should be displayed 15 days before the password expiry.

    2.  The user whose password is going to expire in the next 15 days gets redirected to the page where user can choose "change password now" / "continue without changing the password" options.

    3. We are having an issue in the scenario where the user selects "continue without changing password" option. For some reason Web Agent doesn't validate the SMSESSION though the SMSESSION is surely a valid session.

    I have troubleshooted the issue from my end and I don't see any ERRORS from policy servers. I only see the below error logs from Web Agent Trace Logs

    [SMSESSION cookie - resolved hostname does not match TARGETH '<our password service URL is shown here>'

    [Unable to process SMSESSION cookie.]

    Just want to add few more details on the ACO parameters: 

    CookieDomainScope : 2
    TrackSessionDomain : no
    CookieProvider : Not configured


    Did anyone of you come across this error before. Can you please provide some thoughts on this.




  • 2.  RE: SMSESSION cookie - resolved hostname does not match TARGETH
    Best Answer

    Broadcom Employee
    Posted Sep 04, 2019 02:14 AM
    Hi Gopi,

    How many Web Agents are involved in the flow ? What are the URL FQDN
    visited ? What are the Web Agent versions ?

    The log line shows that 1 of the Web Agent set TARGETH :

    [SMSESSION cookie - resolved hostname does not match TARGETH '<our
    password service URL is shown here>'

    ref.:

    SMSESSION cookie - resolved hostname does not match TARGETH
    https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=ee52d4e5-6969-476c-a006-0e1869116ddb&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bmee52d4e5-6969-476c-a006-0e1869116ddb

    I hope this helps,

    Best Regards,
    Patrick


  • 3.  RE: SMSESSION cookie - resolved hostname does not match TARGETH

    Posted Sep 05, 2019 12:09 PM
    Hi Patrick,

    There are two web agents involved in this flow.

    1. Web Agent on the SSO protected application's web server. 
    2. Web Agent on the Access Gateway Server.


    Below are the version details : 

    CA Single Sign-On Policy Server : FullVersion=12.70.100.1437

    CA SiteMinder Web Agent : FullVersion=12.52.104.2032

    CA Access Gateway : FullVersion=12.70.0200.1609




    Thanks,
    Gopi.



  • 4.  RE: SMSESSION cookie - resolved hostname does not match TARGETH

    Posted Sep 05, 2019 12:10 PM
    @Patrick Dussault - Can you please have a look at the details and let me know your thoughts on this. ​


  • 5.  RE: SMSESSION cookie - resolved hostname does not match TARGETH

    Broadcom Employee
    Posted Sep 06, 2019 02:33 AM
    Hi Gopi,

    What are the URL FQDN visited ?

    Best Regards,
    Patrick