On which server, portal server, authentication server, and cookie provider should we set the "ValidTargetDomain" parameter?
The ValidTargetDomain parameter protects Web Agents from phishing attempts that could redirect users to a hostile Web site.
From the documentation, the "ValidTargetDomain" is used during Cookie Credential Collector (CCC) processing.
If you are using a cookie provider, it will be check by it as it is generating the cookie. You do not need to put it on the portal servers.