Troubleshooting the Error Message "Access to this web site requires that cookies pass properly between your web browser and this web server".

book

Article ID: 53122

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description

On occasion SiteMinder will give you the following after you try to login:

Please Note: Access to this web site requires that cookies pass properly between your web browser and this web server. Please check the following and retry your request:

* your web browser is configured to accept cookies.
* you are using a fully qualified domain name in your URL.

* http://server.domain.com/index.html is CORRECT.
* http://server/index.html is INCORRECT.
* http://123.123.22.22/index.html is INCORRECT.

This is a result of the browser being unable to write the cookie. This technote discusses some of the steps to troubleshoot this error message.

Solution

On occasion SiteMinder will give you the following after you try to login:

Please Note: Access to this web site requires that cookies pass properly between your web browser and this web server. Please check the following and retry your request:

* your web browser is configured to accept cookies.
* you are using a fully qualified domain name in your URL.

* http://server.domain.com/index.html is CORRECT.
* http://server/index.html is INCORRECT.
* http://123.123.22.22/index.html is INCORRECT.

There are a number of reasons why this happens. The main issue is that SiteMinder is unable to write (or does not want to write) the SMESSION cookie to the user's browser. This can happen because of the following:

  1. The parameter, UseSecureCookies = YES, is set. This forces SiteMinder to only send cookies over an https connection. If you log in through an http connection SiteMinder will not send the SMESSION cookie.
  2. The domain parameter in the webagent's agent configuration object is set incorrectly. Double check the domain and the domain scope.
  3. The webagent is unable to resolve the value in the Host: header that is sent from the web browser to the web agent. This is usually due to not having DNS on the webserver. A quick solution is to add the web server's hostname and IP into /etc/hosts (or the equivalent DNS resolver file)
For #1 and #2 you must recycle the webagent for the changes to take effect. For #3 you should make sure you flush the DNS cache.

Environment

Release:
Component: SMPLC