Multiple 'cookiedomain' parameters defined in the ACO

Article ID: 263278

Products

SITEMINDER

Issue/Introduction

The Siteminder Web Agent Log shows the following error during start-up:

[ERROR][sm-HTTPAgent-00340] Invalid configuration: 'cookiedomain' has been specified more than once; using default value.

Environment

PRODUCT: Siteminder

COMPONENT: Web Agent

Release : 12.52

Cause

The Agent Configuration Object (ACO) has more than one value configured for the 'cookiedomain' parameter. 'cookiedomain' is a single-valued parameter, not a multi-valued one.

Resolution

By default, the web agent creates a cookie in the domain of the FQDN used in the request.


EXAMPLE

=========================================
REQUEST: POST http://<host>.<domain>.<tld>/siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=06-4158f185-1185-4bd2-a11c-44c5f719f965&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-f0idQdll%2bm%2bIO%2flt2%2flVJ7Xi4phP1Jdxt689GeGnAiTMf1WNglvyXX9ePnkBdTKW&TARGET=-SM-http%3a%2f%2f<host>%2e<domain>%2e<tld>%2<path>%2f<file>%2ehtm HTTP/1.1
Host: <host>.<domain>.<tld>

-----------------------------------------

RESPONSE: HTTP/1.1 302 HTTP/1.1 302 Object Moved
Cache-Control: no-store
Location: http://<host>.<domain>.<tld>/<path>/<file>.htm
Server: Microsoft-IIS/10.0
set-cookie: SMLOCALE=en-US,en; path=/
set-cookie: SMTRYNO=; expires=Wed, 05 Oct 2022 17:23:14 GMT; path=/; domain=.smlab2.com
set-cookie: SMSESSION=iPq5pOuD+myQDrQoNU13VycccjglVtUeHeNinzcqsANKtSRZlvcO5oJiBsvr0ujDMpxJq5h29EN4Y1hS1WAYc5o/jFcW7siXBazdx+Mfv7HZUfNMykwStWyuv7o4G/ronmZ7YaKyDT0yGvUzUmINJZhg9TRV1LNMoFEKOwWjscWPStFzgubcZPCTunjB1QXFjeS17Hy5weFjXO54r8/rXen4dOrXSza7gMZhyvCmuU8xpkEdD/zA9aTyGFLV4GRKXKonjVqD76GmWK7F+zcX489c6hn1xSrn9VL5kEpGkflZRXcE8ELG5TbE3CAmqkqqJKcw1JzpPRBi5XVYc9o4YIK0cUImFzDwaZQRECEY3XERk3p9BfqHnuK9Zo3oAx2vMapFEqc0w+arXhiYHhNDGGqvBEpgMc81GWOYqoBwQ4TiV3A/KsgocBvVZZzmTV8VUMKB8+tUgeq94tm9BtjvS6N2ncgOiHFQkE6CFqnhuL6D0J5qcK9bKjfAyfBU7ItXk4ThOcP+5Z5/3RaajxNzB3QulOZVQrmY+whmLrjTH6GSKaJCFJYe8Y1Cg+xs7iXchsd0DW4yea0gJ3bAzExLucuECazibZ9x5BiBBcrp9eG9ox2ITlIqqN40pG+ga4NenxJclBGGAinNUmJgcEhZRM4QBtm1Cx1AkQlxcwxZeB1OSE8XoexdY206AIY3/DhxbR/dbeZE6CVl4C1WzaQF+sY/Nfe+EhzeyPsd0X1bIajLRb6WGMrTrF3jd4YpFk1FQ8FOdeDvf1CQ4n50DQkg49mvV0LQqnd9XxQ0qiZTDdquX4lKluFDqzdqw37DE/dgsyXUyxP8J78vn5a/bz3NWR/8AkAn1r2SPbHIStInG/fEBPNId7hKLoKCI9wU0by57j+/MNJYYpBMi+WfChYpimqJatFOiRgKp6VOu/913lxZALnGheVzvZwTpH235N9M9MKEEvRQ08LaaF3Z3WRQm9jrh9q9XJVi5GsbUCO8bVccgcT4u9wJlPnTtLQ5UXYq1bPj8GC5RMNd93tNtZdk7u6d9wR7EOq0KlQCajKJ/Lsp0HFSWj6D7Y44i0PF178q; path=/; domain=.<domain>.<tld>
=========================================

This behavior can be overridden using the 'cookiedomain' attribute in the Agent Configuration Object (ACO).  When the ACO has the 'cookiedomain' attribute enabled, the domain from the 'cookiedomain' attribute is used for the SMSESSION cookie, rather than the domain of the FQDN in the browser request.

The error indicates that two values are set in the 'cookiedomain' ACO parameter, so the agent cannot determine which one to use. The agent then reports that it is reverting to the 'default' domain, which is the domain from the FQDN in the POST rather than either of the values in the ACO parameter. To resolve the error and have the web agent set the domain of the SMSESSION cookie, remove one of the values from the 'cookiedomain' ACO parameter; it is a single-valued attribute.
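An added example, not taken from the original article or from the product: a Python check that finds the sm-HTTPAgent-00340 error in Web Agent log lines and compares the Domain attribute of the SMSESSION Set-Cookie header with the domain the ACO was meant to set. The function names, hostnames, cookie value and sample data are constructed for illustration.

```python
import re

# Start-up error quoted on this page; the parameter name is captured.
DUP_RE = re.compile(
    r"\[ERROR\]\[sm-HTTPAgent-00340\] Invalid configuration: "
    r"'([^']+)' has been specified more than once")

def duplicated_params(log_lines):
    """Return the ACO parameter names the agent reported as multiply defined."""
    return sorted({m.group(1).lower() for line in log_lines
                   if (m := DUP_RE.search(line))})

def cookie_domain(set_cookie_headers, name="SMSESSION"):
    """Return the Domain attribute of the named cookie, or None if absent."""
    for header in set_cookie_headers:
        first, *attrs = [p.strip() for p in header.split(";")]
        if first.split("=", 1)[0] != name:
            continue
        for attr in attrs:
            key, _, value = attr.partition("=")
            if key.strip().lower() == "domain":
                return value.strip().lower()
        return None  # cookie present but no Domain attribute (host-only)
    return None

def check(log_lines, set_cookie_headers, intended_domain):
    """Compare the domain the ACO was meant to set with the one actually issued."""
    issued = cookie_domain(set_cookie_headers)
    return {
        "duplicated": duplicated_params(log_lines),
        "issued_domain": issued,
        "matches_intent": issued == intended_domain.lower(),
    }

# Constructed sample data: hostnames and the cookie value are placeholders.
SAMPLE_LOG = [
    "[ERROR][sm-HTTPAgent-00340] Invalid configuration: 'cookiedomain' "
    "has been specified more than once; using default value.",
]
SAMPLE_HEADERS = [
    "SMLOCALE=en-US,en; path=/",
    "SMSESSION=CONSTRUCTEDVALUE; path=/; domain=.apps.example.com",
]

if __name__ == "__main__":
    # Intended ACO value .example.com, but the agent fell back to the request's domain.
    print(check(SAMPLE_LOG, SAMPLE_HEADERS, ".example.com"))
```

A mismatch together with a 'cookiedomain' entry in the duplicated list means the session cookie is scoped by the request FQDN, not by the ACO value.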

If you are attempting to create an SMSESSION cookie in two different domains, then a Cookie Provider for the other domain needs to be configured.  

Review the following sections of the "SYMANTEC SITEMINDER - 12.8" Product Guide:

Configure Web Agent Single Sign-On Settings

RequireCookies
CookieDomain
CookieDomainScope

CookieProvider
EnableCookieProvider
LimitCookieProvider
