SharePoint applications integrated with Siteminder SharePoint Agent using WS-Fed protocol. The initial authentication works fine. But when the user tries to open a Word document inside SharePoint, it asks the user to chose one authentication between IWA and Siteminder. When user chooses SIteminder, it gives

"Your organization's policies are preventing us from completing this action for you. For more info, please contact your help desk." error. Users are unable to open any documents from SharePoint. 

Release : 12.8

Component : SITEMINDER FEDERATION SECURITY SERVICES

The user has already been authenticated by Siteminder when this problem occurs, however, the user's SMSESSION cookie is not presented when the user is redirected to /affwebservices/public/wsfeddispatcher to obtain the FedAuth cookie needed to open the document (FedAuth cookie is the session cookie for SharePoint).  The most recent request to this same domain (where /affwebservices is hosted) resulted in the user obtaining a SMSESSION cookie.  There are no subsequent requests to this domain before the user is redirected back to /affwebservices, and thus Siteminder is not invalidating this cookie.  Something within the customer's environment is causing the browser to delete or otherwise not present the SMSESSION cookie as expected.

Since Siteminder is not invalidating/deleting the SMSESSION cookie, the customer must work with their browser support team to determine why the browser does not present the SMSESSION cookie when returning to the domain in which it was set.