When running 2 Web Agents, when the browser tries to access a URL in
the domain "._host.example.org" after having been
authenticated in domain "._host.example.com", then the user
needs to provide credentials again, and it would be expected it to be
automatically logged in and perform SSO.
The SMSESSION cookie for the Cookie Provider domain
._host.example.org is not getting created before going to the
protected resource on "._host.example.com".
Policy Server 12.8x
The Cookie Provider had the ACO Parameter limitcookieprovider set to
YES. This means that the Cookie Provider won't create any cookie for
the cookie provider domain.
To solve the issue, set the limitcookieprovider to NO on
the Cookie Provider.
Sample of the configuration :
Cookie Provider
http://host-U203313.myhost.mydomain.myservice/protected/index.html
[18648/2428991232][Mon Sep 11 2017 16:18:34] cookiedomain=''.
[18648/2428991232][Mon Sep 11 2017 16:18:34] cookiedomainscope='0'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] enablecookieprovider='yes'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] limitcookieprovider='no'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] trackcpsessiondomain='yes'.
[18648/2428991232][Mon Sep 11 2017 16:18:34] tracksessiondomain='yes'.
Web Agent
http://host-U203312.myhost.myspecialdomain.com/protected/index.html
[14869/738195200][Mon Sep 11 2017 16:18:34] cookiedomain='._host.example.com'.
[14869/738195200][Mon Sep 11 2017 16:18:34] cookiedomainscope='0'.
[14869/738195200][Mon Sep 11 2017 16:18:34] cookieprovider='https://host-u203313._host.example.org/SmMakeCookie.ccc'.
[14869/738195200][Mon Sep 11 2017 16:18:34] enablecookieprovider='no'.
[14869/738195200][Mon Sep 11 2017 16:18:34] limitcookieprovider='no'.
[14869/738195200][Mon Sep 11 2017 16:18:34] tracksessiondomain='yes'.