In a single sign-on setup, there are multiple regular web agents involved.
When login to one application, noticed smsession cookie was setting SAMESITE as "strict".
Once that happens, then user could not SSO into other report application, user gets authentication login prompt.
Customer thinks this is the cause of single sign-on failure.
Even though we have verified both side standard agents do not have SAMESITE feature enabled.
And the two applications are in the same cookie domain.
During troubleshooting, turning on SAMESITE feature on ACO, and deliberately set it to none, has no effect on the SAMESITE result value.
In browser testing, still noticed smsession cookie was setting SAMESITE as "strict" almost instantly.
Release : 12.8.05
Component : SITEMINDER -WEB AGENT FOR APACHE