Application is using a cookie provider, however the smsession cookie data is not sent from the cookie provider to the application.
The user was successfully authenticated, but is being sent back to login screen due to the agent does not see the smsession cookie being submitted.
In browser trace, this is what is sent:
GET /index.html?SMSESSION=0000000000000000000000001ed5400a-0e3c-63ea42a4-e942f700-dee882f05e7 HTTP/1.1
This request did not send any cookie data.
In the web agent trace log, here is the transaction trace:
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:489][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][][][][][][Resolved hostname: 'host.domain.com'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:508][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][][][][][][Resolved agentname: 'host.domain.com'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:6034][CSmHttpPlugin::ResolveClientIp][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][][][host.domain.com][][][Resolved Client IP address '10.x.x.x'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:703][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][][][Resolved URL: '/?SMSESSION=data_suppressed'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:850][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Resolved METHOD: 'GET'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:915][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Resolved cookie domain: '.domain.com'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmResourceManager.cpp:112][CSmResourceManager::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[12/21/2022][15:30:54][2638324][4261394176][CSmSessionManager.cpp:82][CSmSessionManager::EstablishSession][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:7207][CSmHttpPlugin::ProcessSessionCookie][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Unable to decode SMSESSION cookie.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:2301][CSmHttpPlugin::EstablishSession][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Unable to process url SMSESSION data.]
[12/21/2022][15:30:54][2638324][4261394176][CSmSessionManager.cpp:126][CSmSessionManager::EstablishSession][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmNoAction.]
[12/21/2022][15:30:54][2638324][4261394176][CSmLowLevelAgent.cpp:531][IsResourceProtected][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Resource is protected from cache.]
[12/21/2022][15:30:54][2638324][4261394176][CSmResponseManager.cpp:193][ProcessResponses][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:3097][CSmHttpPlugin::ProcessResponses][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Processing IsProtected responses.]
[12/21/2022][15:30:54][2638324][4261394176][CSmResponseManager.cpp:231][ProcessResponses][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[12/21/2022][15:30:54][2638324][4261394176][CSmCredentialManager.cpp:132][CSmCredentialManager::GatherCredentials][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->ProcessCredentials.]
[12/21/2022][15:30:54][2638324][4261394176][CSmCredentialManager.cpp:176][CSmCredentialManager::GatherCredentials][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessCredentials returned SmNoAction.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHighLevelAgent.cpp:584][ProcessRequest][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][CredentialManager returned SmNo or SmNoAction, calling ChallengeManager.]
[12/21/2022][15:30:54][2638324][4261394176][CSmChallengeManager.cpp:105][CSmChallengeManager::DoChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->ProcessChallenge.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpCredCore.cpp:1718][CSmHttpCredCore::DoFormsChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Executing forms challenge.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpCredCore.cpp:2013][CSmHttpCredCore::DoFormsChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Redirecting to credential collector '/login.fcc?TYPE=35782657&REALMOID=06-0008f4a8-5638-1041-ac3d-990b0a400000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=U4Dte0kar1gKWgTezR...&TARGET=-SM-HTTPS%3a%2f%2fsm%2ecustomer%2edomain%2ero%2f'.]
[12/21/2022][15:30:54][2638324][4261394176][SmPluginUtilities.cpp:407][HandleCredCollectorChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Redirecting for credentials '/login.fcc?TYPE=35782657&REALMOID=06-0008f4a8-5638-1041-ac3d-990b0a400000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=U4RXbqTgzAMmHpYJJ...&TARGET=-SM-HTTPS%3a%2f%2fsm%2ecustomer%2edomain%2ecom%2f'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmChallengeManager.cpp:124][CSmChallengeManager::DoChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessChallenge returned SmExit.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHighLevelAgent.cpp:608][ProcessRequest][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Challenge Manager returned SmExit, end new request.]
Release : 12.52
This is a configuration error.
Cookie provider agent has ACO StoreSessioninServer Agent Configuration setting enabled, however, the receiving web agent does not have the setting enabled in the ACO.
When StoreSessioninServer is enabled, it only sends a GUID that identifies the stored session instead of the session cookie in the redirect URL.
That's the reason why the receiving web agent does not see/receive smsession cookie.
Set the StoreSessioninServer agent configuration parameter to Yes on all agents and cookie providers that are involved in multi-domain single sign-on.
By default, agents pass SMSESSION cookies in the query string of cookie provider redirect URLs during multi-domain single sign-on operations. To improve security during these operations, customer can set the StoreSessioninServer parameter to configure agents and cookie providers to store the session temporarily and pass a GUID that identifies the stored session instead of the session cookie in the redirect URL.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/session-protection/session-cookie-management.html#concept.dita_e8264b5396e5470619cc9429f5cffc0b66cfb4d7_StoreSessionCookiesontheSessionStoreforImprovedSecurity