We have integrated a few SharePoint applications with Siteminder using the WS-Fed protocol. The initial authentication works fine. But when the user tries to open a Word document inside SharePoint, it asks the user to choose one authentication method between IWA and Siteminder. When the user chooses Siteminder, it gives the error "Your organization's policies are preventing us from completing this action for you. For more info, please contact your help desk." Users are unable to open any documents from SharePoint. Need your help in solving this issue.
The user has already been authenticated by Siteminder when this problem occurs. However, the user's SMSESSION cookie is not presented when the user is redirected to /affwebservices/public/wsfeddispatcher to obtain the FedAuth cookie needed to open the document (the FedAuth cookie is the session cookie for SharePoint). The most recent request to this same domain (where /affwebservices is hosted) resulted in the user obtaining an SMSESSION cookie. There are no subsequent requests to this domain before the user is redirected back to /affwebservices, so Siteminder is not invalidating this cookie. Something within the customer's environment is causing the browser to delete or otherwise not present the SMSESSION cookie as expected.
Release : 12.8
Component : SITEMINDER FEDERATION SECURITY SERVICES
Since Siteminder is not invalidating/deleting the SMSESSION cookie, the customer must work with their browser support team to determine why the browser does not present the SMSESSION cookie when returning to the domain in which it was set.
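One way to confirm this diagnosis from a browser or proxy trace exported as HAR is sketched below. It is an added example, not Broadcom or Siteminder code. For each request to the dispatcher it reports whether SMSESSION was sent and, if not, whether the cookie had been set earlier on that host. The host names, the `/login` path, the cookie values and the function names are constructed, and the check assumes a value of `LOGGEDOFF` marks a server-side invalidation.

```python
from urllib.parse import urlsplit

DISPATCHER = "/affwebservices/public/wsfeddispatcher"  # path from the article

def _hdr(msg, name):
    # HAR stores headers as [{"name":..., "value":...}]; some exporters join
    # several Set-Cookie values with newlines, so split those apart.
    return [v for h in msg.get("headers", []) if h["name"].lower() == name
            for v in h["value"].split("\n")]

def _sent_smsession(req):
    pairs = (p.strip().partition("=") for c in _hdr(req, "cookie") for p in c.split(";"))
    return any(k == "SMSESSION" and v for k, _, v in pairs)

def audit_smsession(har):
    """One finding per dispatcher request: was SMSESSION sent, and if not, why."""
    last_set, findings = {}, []   # host -> (entry index, value, attributes)
    for i, e in enumerate(har["log"]["entries"]):
        url = urlsplit(e["request"]["url"])
        host = url.hostname       # assumption: cookie is tracked per exact host
        if url.path.lower().startswith(DISPATCHER):
            prior = last_set.get(host)
            if _sent_smsession(e["request"]):
                verdict = "presented"
            elif prior is None:
                verdict = "never-set-on-host"
            elif prior[1] == "LOGGEDOFF":      # assumed server-side invalidation marker
                verdict = "invalidated-by-server"
            else:
                verdict = "set-but-not-presented"   # the case in this article
            findings.append({"entry": i, "verdict": verdict,
                             "set_in_entry": prior[0] if prior else None,
                             "attributes": prior[2] if prior else []})
        for sc in _hdr(e["response"], "set-cookie"):
            first, *attrs = [p.strip() for p in sc.split(";")]
            k, _, v = first.partition("=")
            if k == "SMSESSION":
                last_set[host] = (i, v, attrs)
    return findings

# Constructed sample trace: cookie is set, then the dispatcher request omits it.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://sso.example.com/login", "headers": []},
     "response": {"headers": [{"name": "Set-Cookie",
         "value": "SMSESSION=abc123; Path=/; Domain=.example.com; Secure; HttpOnly"}]}},
    {"request": {"url": "https://sso.example.com/affwebservices/public/wsfeddispatcher?wa=wsignin1.0",
                 "headers": [{"name": "User-Agent", "value": "constructed-office-client"}]},
     "response": {"headers": []}},
]}}

if __name__ == "__main__":
    for finding in audit_smsession(SAMPLE_HAR):
        print(finding)
```

A `set-but-not-presented` verdict matches the situation described here; the reported `attributes` are the Set-Cookie attributes to hand to the browser support team.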