The Siteminder Web Agent Log shows the following error during start-up:
[ERROR][sm-HTTPAgent-00340] Invalid configuration: 'cookiedomain' has been specified more than once; using default value.
PRODUCT: Siteminder
COMPONENT: Web Agent
Release : 12.52
The Agent Configuration Object (ACO) is configured with multiple values in the 'cookiedomain' parameter. The 'cookiedomain' parameter is not a multi-valued parameter.
The web agent will create a cookie in the domain of the FQDN used in the request.
EXAMPLE
=========================================
REQUEST: POST http://<host>.<domain>.<tld>/siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=06-4158f185-1185-4bd2-a11c-44c5f719f965&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-f0idQdll%2bm%2bIO%2flt2%2flVJ7Xi4phP1Jdxt689GeGnAiTMf1WNglvyXX9ePnkBdTKW&TARGET=-SM-http%3a%2f%2f<host>%2e<domain>%2e<tld>%2<path>%2f<file>%2ehtm HTTP/1.1
Host: <host>.<domain>.<tld>
-----------------------------------------
RESPONSE: HTTP/1.1 302 HTTP/1.1 302 Object Moved
Cache-Control: no-store
Location: http://<host>.<domain>.<tld>/<path>/<file>.htm
Server: Microsoft-IIS/10.0
set-cookie: SMLOCALE=en-US,en; path=/
set-cookie: SMTRYNO=; expires=Wed, 05 Oct 2022 17:23:14 GMT; path=/; domain=.smlab2.com
set-cookie: SMSESSION=iPq5pOuD+myQDrQoNU13VycccjglVtUeHeNinzcqsANKtSRZlvcO5oJiBsvr0ujDMpxJq5h29EN4Y1hS1WAYc5o/jFcW7siXBazdx+Mfv7HZUfNMykwStWyuv7o4G/ronmZ7YaKyDT0yGvUzUmINJZhg9TRV1LNMoFEKOwWjscWPStFzgubcZPCTunjB1QXFjeS17Hy5weFjXO54r8/rXen4dOrXSza7gMZhyvCmuU8xpkEdD/zA9aTyGFLV4GRKXKonjVqD76GmWK7F+zcX489c6hn1xSrn9VL5kEpGkflZRXcE8ELG5TbE3CAmqkqqJKcw1JzpPRBi5XVYc9o4YIK0cUImFzDwaZQRECEY3XERk3p9BfqHnuK9Zo3oAx2vMapFEqc0w+arXhiYHhNDGGqvBEpgMc81GWOYqoBwQ4TiV3A/KsgocBvVZZzmTV8VUMKB8+tUgeq94tm9BtjvS6N2ncgOiHFQkE6CFqnhuL6D0J5qcK9bKjfAyfBU7ItXk4ThOcP+5Z5/3RaajxNzB3QulOZVQrmY+whmLrjTH6GSKaJCFJYe8Y1Cg+xs7iXchsd0DW4yea0gJ3bAzExLucuECazibZ9x5BiBBcrp9eG9ox2ITlIqqN40pG+ga4NenxJclBGGAinNUmJgcEhZRM4QBtm1Cx1AkQlxcwxZeB1OSE8XoexdY206AIY3/DhxbR/dbeZE6CVl4C1WzaQF+sY/Nfe+EhzeyPsd0X1bIajLRb6WGMrTrF3jd4YpFk1FQ8FOdeDvf1CQ4n50DQkg49mvV0LQqnd9XxQ0qiZTDdquX4lKluFDqzdqw37DE/dgsyXUyxP8J78vn5a/bz3NWR/8AkAn1r2SPbHIStInG/fEBPNId7hKLoKCI9wU0by57j+/MNJYYpBMi+WfChYpimqJatFOiRgKp6VOu/913lxZALnGheVzvZwTpH235N9M9MKEEvRQ08LaaF3Z3WRQm9jrh9q9XJVi5GsbUCO8bVccgcT4u9wJlPnTtLQ5UXYq1bPj8GC5RMNd93tNtZdk7u6d9wR7EOq0KlQCajKJ/Lsp0HFSWj6D7Y44i0PF178q; path=/; domain=.<domain>.<tld>
=========================================
This behavior can be overridden using the 'cookiedomain' attribute in the Agent Configuration Object (ACO). When the ACO has the 'cookiedomain' attribute enabled, the domain from the 'cookiedomain' attribute is used for the SMSESSION cookie, rather than the domain of the FQDN in the browser request.
The error is indicating that there are two values set in the 'cookiedomain' ACO parameter and therefore the agent can't determine which to use. The agent then indicates it is reverting to the 'default' domain, which is the domain from the FQDN in the POST rather than either of the values in the ACO parameter. In order to resolve this error and have the web agent set the domain of the SMSESSION cookie, one of the values must be removed from the 'cookiedomain' ACO parameter. This is a single-valued attribute.
If you are attempting to create an SMSESSION cookie in two different domains, then a Cookie Provider for the other domain needs to be configured.
Review the following sections of the "SYMANTEC SITEMINDER - 12.8 Product Guide:
Configure Web Agent Single Sign-On Settings
RequireCookies
CookieDomain
CookieDomainScope
CookieProvider
EnableCookieProvider
LimitCookieProvider