Unable to access application after successful authentication
search cancel

Unable to access application after successful authentication


Article ID: 274085


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder)


Test user is entering valid credentials and should be authorized for the application, but they are returned to the login screen.


Release : ALL


Studying a browser trace showed that a SMSESSION cookie was being set upon the user posting credentials to the .fcc page and the user was redirected to the protected application.  When requesting the protected application, however, the browser was not presenting the session cookie that was set in the previous request.  It appeared as though the browser was not accepting the cookie.  This affected Edge and Chrome, but not Mozilla.

This was occurring because the SameSite=none cookie attribute was being set on the SMSESSION cookie, but the /secure attribute was not being set.  


Updating the web agent Agent Configuration Object (ACO) to include UseSecureCookies=yes allowed the browser to accept the session cookie and present it on the next request.  This allowed the test user to access the application successfully.

Additional Information

Similar symptoms will occur when UseSecureCookies=yes and the protected URL is accessed via http rather than https.  In this instance the browser accepts the cookie, but will not present the cookie over an http connection, thus by the default the user would be rechallenged for authentication.  To resolve this the protected application should either be accessed via https (preferred) or set UseSecureCookies=no.