ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unexpected Authentication Failure with ValidTargetDomain


Article ID: 140305


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) SITEMINDER


Users are unexpectedly failing authentication.


The Web Agent trace log revealed that the URL domain of the TARGET during authentication was considered invalid, despite the domain in question appearing in the ValidTargetDomain parameter.  The problem was the list of valid target domains was entered into the ACO via a comma-separated list in single-value mode.  This could be easily seen by viewing the ACO in the AdminUI, and also in the Web Agent error log where the parameter was listed once with comma-separated values.  When the values are input properly using multi-value input in the AdminUI, the Web Agent error log displays the parameter multiple times, once for each value.


Release : 12.8



When adding multiple values to an ACO parameter in the AdminUI, always use the Multi-Value entry option when available.  This assures the multiple values are passed to the web agent as expected so that all values will be honored.

Additional Information

Do not include a leading dot when adding values to the ValidTargetDomain parameter.  The Web Agent does not consider a leading dot when evaluating the target domain, thus including the leading dot in the parameter values will cause the values to be invalid.

This article also applies to the ValidFedTargetDomain parameter. 

ACO = Agent Configuration Object