Users are able to successfully authenticate at the IDP, however, the Web Agent Option Pack is not accepting the session. The error in the FWSTrace.log is:
Request doesn't contain session ID header. Session cookie[SMSESSION]is not valid.
When Web Agent and Web Agent Option Pack are on separate hosts, they need to be put in Proxy Mode, else the Option Pack will not effectively trust the sessions the Web Agent creates.
Release : ALL
Component : SITEMINDER - FEDERATION
Since Web Agent and Web Agent Option Pack are on separate hosts, set ProxyAgent=yes on Web Agent ACO, and ProxyTrust=yes on Web Agent Option Pack ACO to put both in Proxy Mode..