SMSESSION Cookie is not sent in the request header or Unable to process url SMSESSION data.

Article ID: 260031

Updated On:

Products

SITEMINDER, CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign-On

Issue/Introduction

The application uses a cookie provider, but the SMSESSION cookie data is not sent from the cookie provider to the application.

The user is authenticated successfully but is sent back to the login screen, because the agent does not see an SMSESSION cookie in the request.

The browser trace shows the following request:

GET /index.html?SMSESSION=0000000000000000000000001ed5400a-0e3c-63ea42a4-e942f700-dee882f05e7 HTTP/1.1

This request did not send any cookie data.

In the web agent trace log, here is the transaction trace:

[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:489][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][][][][][][Resolved hostname: 'host.domain.com'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:508][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][][][][][][Resolved agentname: 'host.domain.com'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:6034][CSmHttpPlugin::ResolveClientIp][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][][][host.domain.com][][][Resolved Client IP address '10.x.x.x'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:703][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][][][Resolved URL: '/?SMSESSION=data_suppressed'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:850][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Resolved METHOD: 'GET'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:915][CSmHttpPlugin::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Resolved cookie domain: '.domain.com'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmResourceManager.cpp:112][CSmResourceManager::ProcessResource][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessResource returned SmSuccess.]
[12/21/2022][15:30:54][2638324][4261394176][CSmSessionManager.cpp:82][CSmSessionManager::EstablishSession][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->EstablishSession.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:7207][CSmHttpPlugin::ProcessSessionCookie][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Unable to decode SMSESSION cookie.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:2301][CSmHttpPlugin::EstablishSession][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Unable to process url SMSESSION data.]
[12/21/2022][15:30:54][2638324][4261394176][CSmSessionManager.cpp:126][CSmSessionManager::EstablishSession][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->EstablishSession returned SmNoAction.]
[12/21/2022][15:30:54][2638324][4261394176][CSmLowLevelAgent.cpp:531][IsResourceProtected][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Resource is protected from cache.]
[12/21/2022][15:30:54][2638324][4261394176][CSmResponseManager.cpp:193][ProcessResponses][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->ProcessResponses.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpPlugin.cpp:3097][CSmHttpPlugin::ProcessResponses][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Processing IsProtected responses.]
[12/21/2022][15:30:54][2638324][4261394176][CSmResponseManager.cpp:231][ProcessResponses][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessResponses returned SmSuccess.]
[12/21/2022][15:30:54][2638324][4261394176][CSmCredentialManager.cpp:132][CSmCredentialManager::GatherCredentials][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->ProcessCredentials.]
[12/21/2022][15:30:54][2638324][4261394176][CSmCredentialManager.cpp:176][CSmCredentialManager::GatherCredentials][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessCredentials returned SmNoAction.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHighLevelAgent.cpp:584][ProcessRequest][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][CredentialManager returned SmNo or SmNoAction, calling ChallengeManager.]
[12/21/2022][15:30:54][2638324][4261394176][CSmChallengeManager.cpp:105][CSmChallengeManager::DoChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Calling SM_WAF_HTTP_PLUGIN->ProcessChallenge.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpCredCore.cpp:1718][CSmHttpCredCore::DoFormsChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Executing forms challenge.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHttpCredCore.cpp:2013][CSmHttpCredCore::DoFormsChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Redirecting to credential collector '/login.fcc?TYPE=35782657&REALMOID=06-0008f4a8-5638-1041-ac3d-990b0a400000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=U4Dte0kar1gKWgTezR...&TARGET=-SM-HTTPS%3a%2f%2fsm%2ecustomer%2edomain%2ero%2f'.]
[12/21/2022][15:30:54][2638324][4261394176][SmPluginUtilities.cpp:407][HandleCredCollectorChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Redirecting for credentials '/login.fcc?TYPE=35782657&REALMOID=06-0008f4a8-5638-1041-ac3d-990b0a400000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=U4RXbqTgzAMmHpYJJ...&TARGET=-SM-HTTPS%3a%2f%2fsm%2ecustomer%2edomain%2ecom%2f'.]
[12/21/2022][15:30:54][2638324][4261394176][CSmChallengeManager.cpp:124][CSmChallengeManager::DoChallenge][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][SM_WAF_HTTP_PLUGIN->ProcessChallenge returned SmExit.]
[12/21/2022][15:30:54][2638324][4261394176][CSmHighLevelAgent.cpp:608][ProcessRequest][0000000000000000000000005822410a-2841f4-63a3189e-fdffb700-e73212c6042e][*10.x.x.x][][host.domain.com][/][][Challenge Manager returned SmExit, end new request.]

Environment

Release : 12.52

Cause

This is a configuration error.

The cookie provider agent has the StoreSessioninServer parameter enabled in its Agent Configuration Object (ACO), but the receiving web agent does not have it enabled in its ACO.

When StoreSessioninServer is enabled, the cookie provider sends only a GUID that identifies the stored session, instead of the session cookie, in the redirect URL.

That is why the receiving web agent does not receive the SMSESSION cookie: as the trace above shows, it cannot decode the SMSESSION value in the URL and challenges the user again.

Resolution

Set the StoreSessioninServer agent configuration parameter to Yes on all agents and cookie providers that are involved in multi-domain single sign-on.

By default, agents pass SMSESSION cookies in the query string of cookie provider redirect URLs during multi-domain single sign-on operations. To improve security during these operations, you can set the StoreSessioninServer parameter so that agents and cookie providers store the session temporarily and pass a GUID that identifies the stored session, instead of the session cookie, in the redirect URL.
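
To find which receiving agents are affected, the following Python helper scans a web agent trace for the message sequence shown in the trace above. It is an added example, not Broadcom code; the field positions are inferred from the trace in this article, and the sample lines, the transaction ids tx-A/tx-B and the host app.example.com are constructed.

```python
from collections import defaultdict

# Message prefixes from the article's trace, in the order they occur.
SIGNATURE = (
    "Resolved URL:",  # counted only when the URL carries SMSESSION=
    "Unable to decode SMSESSION cookie.",
    "Unable to process url SMSESSION data.",
    "Redirecting to credential collector",
)

def parse_line(line):
    """Split a 13-field trace line; return (transaction id, agent host, message)."""
    line = line.strip()
    if not (line.startswith("[") and line.endswith("]")):
        return None
    fields = line[1:-1].split("][", 12)  # the message is the 13th field
    if len(fields) != 13:
        return None
    return fields[6], fields[9], fields[12]

def find_url_session_failures(lines):
    """Map transaction id -> agent host for transactions showing the full signature."""
    progress = defaultdict(int)  # next SIGNATURE index expected per transaction
    agents = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        txid, agent, msg = parsed
        if agent:
            agents[txid] = agent
        step = progress[txid]
        if step == len(SIGNATURE) or not msg.startswith(SIGNATURE[step]):
            continue
        if step == 0 and "SMSESSION=" not in msg:
            continue  # an ordinary request without URL session data
        progress[txid] = step + 1
    return {tx: agents.get(tx, "") for tx, n in progress.items() if n == len(SIGNATURE)}

def sample_line(txid, msg, agent="app.example.com"):
    # Constructed line in the field layout of the article's trace (not real log data).
    return f"[12/21/2022][15:30:54][1][2][File.cpp:1][Func][{txid}][*10.x.x.x][][{agent}][/][][{msg}]"

SAMPLE_TRACE = [
    sample_line("tx-A", "Resolved URL: '/?SMSESSION=data_suppressed'."),
    sample_line("tx-B", "Resolved URL: '/index.html'."),
    sample_line("tx-A", "Unable to decode SMSESSION cookie."),
    sample_line("tx-A", "Unable to process url SMSESSION data."),
    sample_line("tx-B", "Redirecting to credential collector '/login.fcc?TARGET=placeholder'."),
    sample_line("tx-A", "Redirecting to credential collector '/login.fcc?TARGET=placeholder'."),
]
```

Each agent host it reports is a candidate for comparing its StoreSessioninServer value against the cookie provider's; an ordinary login challenge such as tx-B is not reported.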

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/session-protection/session-cookie-management.html#concept.dita_e8264b5396e5470619cc9429f5cffc0b66cfb4d7_StoreSessionCookiesontheSessionStoreforImprovedSecurity