Description:

On which server, portal server, authentication server, and cookie provider should we set the "ValidTargetDomain" parameter?

Solution:

The ValidTargetDomain parameter protects Web Agents from phishing attempts that could redirect users to a hostile Web site.

From the documentation, the "ValidTargetDomain" is used during Cookie Credential Collector (CCC) processing.

If you are using a cookie provider, it will be check by it as it is generating the cookie. You do not need to put it on the portal servers.