SiteMinder : Federation transactions are displaying with "ERR_TOO_MANY_REDIRECTS"
search cancel

SiteMinder : Federation transactions are displaying with "ERR_TOO_MANY_REDIRECTS"

book

Article ID: 140469

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

Customer has implemented a new Federation Partnership in which they are the IDP.  After authenticating, users are looping between the saml2sso URL and the Authentication URL.

Environment

Release : All

Component : SITEMINDER FEDERATION SECURITY SERVICES

Cause

The web agent hosting the login form had LegacyVariables=Yes, and this resulted in no SMSERVESESSIONID header when the request reached saml2sso, causing /affwebservices to reject the session cookie.  Saml2sso requires this header in order to validate a session cookie, so agents authenticating federation users should have this parameter set to No when the ACO for /affwebservices is also set to no.

Resolution

Assure the ACO parameters affecting header variables, such as LegacyVariables, are set the same on all agents in an SSO environment.