Unable to Access SAML App - Authentication is Failing


Article ID: 140303


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) SITEMINDER


Users are intermittently failing authentication with a generic login failure message.  Subsequent authentication attempts usually succeed.  External users seem more affected than internal users, although both experience intermittent failures.


The web agent serving the login form was running in FCCCompatMode (FCCCompatMode=yes). One of the web agents hosting the target application had its system clock set more than 5 minutes in the future. Since the FORMCRED cookie set by the login agent and processed by the target application agent has a five minute timeout, the cookie was rejected each time it was presented to this host and the authentication attempt failed.

Agents processing FORMCRED cookies will reject the cookie if it is either more than 5 minutes old, or appears to have been set in the future.


Release : All

Component : All Web Agents


 Web agent system clocks need to be tightly in sync when FCCCompatMode=yes.