Opening a SharePoint Document - Authentication Issue

Article ID: 206700

Updated On:

Products

CA Single Sign On Federation (SiteMinder)

CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

We have integrated a few SharePoint applications with Siteminder using the WS-Fed protocol. The initial authentication works fine. But when the user tries to open a Word document inside SharePoint, it asks the user to choose one authentication between IWA and Siteminder. When the user chooses Siteminder, it gives a "Your organization's policies are preventing us from completing this action for you. For more info, please contact your help desk." error. Users are unable to open any documents from SharePoint. Need your help in solving this issue.

Cause

The user has already been authenticated by Siteminder when this problem occurs. However, the user's SMSESSION cookie is not presented when the user is redirected to /affwebservices/public/wsfeddispatcher to obtain the FedAuth cookie needed to open the document (the FedAuth cookie is the session cookie for SharePoint). The most recent request to this same domain (where /affwebservices is hosted) resulted in the user obtaining an SMSESSION cookie. There are no subsequent requests to this domain before the user is redirected back to /affwebservices, so Siteminder is not invalidating this cookie. Something within the customer's environment is causing the browser to delete or otherwise not present the SMSESSION cookie as expected.

Environment

Release : 12.8

Component : SITEMINDER FEDERATION SECURITY SERVICES

Resolution

Since Siteminder is not invalidating/deleting the SMSESSION cookie, the customer must work with their browser support team to determine why the browser does not present the SMSESSION cookie when returning to the domain in which it was set.
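
To confirm the pattern described under Cause from a browser trace, the following added example (not part of the original article or any SiteMinder tooling) walks HAR-style entries in order and flags a request to the dispatcher path that arrives without SMSESSION, along with how many requests reached the cookie's domain since it was set. The hostnames, the `entry` helper and the sample trace are constructed; the HAR `request.cookies` and `response.cookies` fields are assumed to be populated by the capturing browser.

```python
from urllib.parse import urlsplit

DISPATCHER = "/affwebservices/public/wsfeddispatcher"  # path named in the article

def in_domain(host, domain):
    domain = domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def audit_smsession(entries):
    """Walk HAR entries in order; report dispatcher requests sent without SMSESSION."""
    cookie_domain, since_set, findings = None, 0, []
    for e in entries:
        req, resp = e["request"], e["response"]
        url = urlsplit(req["url"])
        host = (url.hostname or "").lower()
        if cookie_domain and in_domain(host, cookie_domain):
            sent = any(c["name"] == "SMSESSION" for c in req.get("cookies", []))
            if url.path.lower().startswith(DISPATCHER) and not sent:
                findings.append({
                    "url": req["url"],
                    "requests_since_set": since_set,
                    # No request reached this domain after the cookie was set,
                    # so no server response could have cleared it.
                    "no_server_invalidation": since_set == 0,
                })
            since_set += 1
        for c in resp.get("cookies", []):
            if c["name"] == "SMSESSION":
                cookie_domain, since_set = c.get("domain") or host, 0
    return findings

def entry(url, sent=(), set_cookies=()):
    """Build a minimal HAR-shaped entry (constructed sample data)."""
    return {"request": {"url": url, "cookies": [{"name": n, "value": "x"} for n in sent]},
            "response": {"cookies": [{"name": n, "value": "x"} for n in set_cookies]}}

# Constructed trace: login sets SMSESSION, SharePoint on another domain redirects
# back to the dispatcher, and the browser sends no SMSESSION.
SAMPLE = [
    entry("https://sso.example.test/login", set_cookies=["SMSESSION"]),
    entry("https://sharepoint.other.test/docs/report.docx"),
    entry("https://sso.example.test" + DISPATCHER),
]

if __name__ == "__main__":
    for f in audit_smsession(SAMPLE):
        print(f)
```

For a real capture, pass `json.load(f)["log"]["entries"]` from the exported HAR file instead of `SAMPLE`.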