Tracksessiondomain parameter in ACO and use FQDN as the cookie domain
search cancel

Tracksessiondomain parameter in ACO and use FQDN as the cookie domain


Article ID: 40655


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



We're running a Web Agent, and in the following ACO configuration,
users get HTTP 500 in the browser and [10-0017] error in the agent log
while trying to login to “”.

Note: The FQDN ( and the cookiedomain
( have the same value.

  1.    Tracksessiondomain=Yes
  2.    FccCompatMode=Yes

Following is a sample from login agent trace log :

  [Target does not contain cookieDomain:]

  [Validating target for 4.x compatibility mode.]

  [Target domain does not match the local domain. Will not redirect the user to the target.]

How can we fix this ?




  12.51, 12.52 Agents




The behavior of validating target domain is different in 4x compatible
mode(FccCompatMode=Yes) when compared to normal

In normal mode, target is validated based on the entries in the ACO
validTargetDomain, if the list is empty user is not redirected to the

Whereas in 4xcompat mode, if the entries in the ACO ValidTargetDomain
are empty, then user is validated based on cookie domain.


If FccCompatmode=Yes, User is Authenticated but not redirected to the
target. User will see error 500 in the browser.

If FccCompatmode=No, User is Authenticated and redirected to the




1. Run the agent in Normal Mode(FccCompatMode=No) if you want to use
   the cookie domain as same as hostname.

2. If you want to run your agent in 4x Compatible
   Mode(FccCompatMode=Yes), you have to make sure that cookie domain is
   part of hostname not the FQDN.