ERR_TOO_MANY_REDIRECTS

Article ID: 140469

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
SITEMINDER

Issue/Introduction

The customer has implemented a new Federation Partnership in which they are the IdP. After authenticating, users loop between the saml2sso URL and the Authentication URL.

Cause

The web agent hosting the login form had LegacyVariables=Yes, so no SMSERVERSESSIONID header was present when the request reached saml2sso, and /affwebservices rejected the session cookie. saml2sso requires this header in order to validate a session cookie, so agents that authenticate federation users should have LegacyVariables set to No when the ACO for /affwebservices also has it set to No.

Environment

Release : All

Component : SITEMINDER FEDERATION SECURITY SERVICES

Resolution

Ensure that the ACO parameters affecting header variables, such as LegacyVariables, are set to the same value on all agents in an SSO environment.
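
One way to check for the mismatch described above, as an added example that is not part of the original article or of the product: it compares header-affecting ACO parameters across agents and reports any that differ. The agent names and the dictionary layout are hypothetical; populate them from your own ACO settings.

```python
from collections import defaultdict

# Assumption: the article names only LegacyVariables; extend this tuple with
# any other header-affecting ACO parameters used in your environment.
HEADER_PARAMS = ("LegacyVariables",)


def normalize(value):
    """Fold 'Yes', 'yes', ' NO ' and similar to one form; unset stays distinct."""
    if value is None or not value.strip():
        return "<unset>"
    return value.strip().lower()


def find_header_param_drift(agents, params=HEADER_PARAMS):
    """Return {param: {value: [agent, ...]}} for every parameter whose value
    is not identical on all agents. An unset parameter counts as its own
    value, because this check does not assume what the product default is."""
    drift = {}
    for param in params:
        by_value = defaultdict(list)
        for agent, aco in agents.items():
            # Parameter names are matched case-insensitively (assumption).
            folded = {k.lower(): v for k, v in aco.items()}
            by_value[normalize(folded.get(param.lower()))].append(agent)
        if len(by_value) > 1:
            drift[param] = {v: sorted(names) for v, names in by_value.items()}
    return drift


# Constructed sample mirroring the article's scenario: the login-form agent
# has LegacyVariables=Yes while the other agents have it set to No.
SAMPLE_AGENTS = {
    "login-form-agent": {"LegacyVariables": "Yes"},
    "affwebservices-agent": {"LegacyVariables": "no"},
    "app-agent": {"legacyvariables": "No"},
}

if __name__ == "__main__":
    for param, groups in find_header_param_drift(SAMPLE_AGENTS).items():
        print(f"{param} differs across agents:")
        for value, names in sorted(groups.items()):
            print(f"  {value}: {', '.join(names)}")
```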