Users are unexpectedly failing authentication.
The Web Agent trace log revealed that the URL domain of the TARGET during authentication was considered invalid, despite the domain in question appearing in the ValidTargetDomain parameter. The problem was the list of valid target domains was entered into the ACO via a comma-separated list in single-value mode. This could be easily seen by viewing the ACO in the AdminUI, and also in the Web Agent error log where the parameter was listed once with comma-separated values. When the values are input properly using multi-value input in the AdminUI, the Web Agent error log displays the parameter multiple times, once for each value.
Release : 12.8
Component : SITEMINDER POLICY SERVER, WEB AGENTS
When adding multiple values to an ACO parameter in the AdminUI, always use the Multi-Value entry option when available. This assures the multiple values are passed to the web agent as expected so that all values will be honored.
Do not include a leading dot when adding values to the ValidTargetDomain parameter. The Web Agent does not consider a leading dot when evaluating the target domain, thus including the leading dot in the parameter values will cause the values to be invalid.
This article also applies to the ValidFedTargetDomain parameter.
ACO = Agent Configuration Object