FedAuth cookie not geneatred in SP2013 with SiteMinder as Trusted Identity Provider

Hello,
We have configured Site Minder (with SAML 1.1) as trusted identity provider in SP2013. We have mapped Email Address as claim type. But we found in Fiddler that FedAuth cookie is not getting generated so users are not able to access the site and redirects
to sign in page again.
Any help provided here much appreciated.
Thanks
Shital

Hi Shital,
The default expiration time of the FedAuth cookie is 10 hours, you could change the expiration time of the FedAuth cookie per the link below:
http://dotnetfollower.com/wordpress/2013/07/sharepoint-how-to-change-the-expiration-time-of-the-fedauth-cookie/
Fiddler you will not be able to see these cookies as they are generated client side.
http://blogs.msdn.com/b/mcsnoiwb/archive/2012/06/10/lost-authentication-cookies-in-sharepoint.aspx
If you are using load balancing solution, don’t forget affinity:
http://blogs.technet.com/b/speschka/archive/2011/10/28/make-sure-you-know-this-about-sharepoint-2010-claims-authentication-sticky-sessions-are-required.aspx
For more information:
http://fredericloud.com/2011/01/11/connecting-to-sharepoint-with-claims-authentication/
Regards,
Rebecca Tu
TechNet Community Support

Similar Messages

How to get the Trusted Identity Login Page with the needed parameters to make custom login screen instead of sharepoint Login Page?

hi guys
i have configured trusted identity provider for my public facing internet portal, but i dont want to use the login screen
since i have about 10 site collection which will use this authentication.
is there a class or property that gives me the url ready with the parameters like "wa" and "wtrealm" and the redirect url based on the place the user click the link from.

You can create your own login page and specify the URL for it in the authentication provider settings of a Web Application or Zone. So the easiest way to do what you want would be to extend your existing Web Application to a new Zone, change the login
Page url to point to use your custom zone, and tell users to use the url of that zone to login with the custom provider you have built.
If you want a single zone then you will need to modify a copy of the login page you display above and have it redirect to a custom login page for your identity provider if the pick the correct entry in the dropdown.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem.

I cannot sign in. "This Apple ID has not yet been used with the iTunes Store. Please review your account information." I click "Review", next message "You must turn on cookies to continue.   Cookies must be enabled if you want to create or edit.. etc."

I applied and received an upgrade code to Redeem Mountain Lion for my new MBP.
I get this message when I try to Sign in to the App Store after entering the redemption content code, and also if I just try to "Sign In".   The first part of the error is true - I haven't used the AppleID with the iTunes store.
I received the upgrade code using this same AppleID, so I don't think I can use a different AppleID.
I also tried to re-create this appleID...(it was one suggestion I saw for this issue) It doesn't let me since the ID already exists...
The error is:
"This Apple ID has not yet been used with the iTunes Store. Please review your account information." I click "Review", next message "You must turn on cookies to continue.   Cookies must be enabled if you want to create or edit.. etc."
It's clearly not a cookie issue..   Stuck...

The first part of the error is true - I haven't used the AppleID with the iTunes store.
Try here > Using an existing Apple ID with the iTunes Store and Mac App Store
received the upgrade code using this same AppleID, so I don't think I can use a different AppleID.
Correct.
It's clearly not a cookie issue..
As for cookies. Quit the App Store. Now open the Finder. From the Finder menu bar click Go > Go to Folder.
Type this exactly as you see it here:   ~/Library/Cookies
Click Go the move the   com.apple.appstore.plist   file from the Cookies folder to the Trash.
Relaunch the App Store.

Vine.co can not watch videos on other browsers do not have the problem with firefox firefox there just did not work, delete cookies, history

vine.co can not watch videos on other browsers do not have the problem with firefox firefox there just did not work, delete cookies, history

I think this problem may be caused by Yahoo's changes making it incompatible with the klatest version of FireFox.
This is suddenly affecting many many people who use Firefox and are members of Yahoo Groups. All these people say they themselves changed nothing and have not been locked out before when using Firefox. But suddenly, within the last week, they are.
What did Mozilla do or what did Yahoo do to cause this problem? I can say that I was not blocking cookies and after trying a number of things to fix it, I went to Yahoo's home page and navigated to my group from here.
This problem is not anything a user did. Either Firefox is at fault or Yahoo is. I want to know which company is at fault and when they are going to fix it.

FedAuth Cookie intermittently set as persistent cookie

I have a following situation. Have a Sharepoint 2013 farm with 8 Front end servers with 2 of them allocated for Central
Adimin. I have to setup the fedAuth cookie as session cookie to ensure, the session get removed when the user closes the browser.
Ran the following PS script to configure session cookies.
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true
$sts.Update()
iisreset
Even after this configuration, I see FedAuth is being set as Persistent cookie with an expiration date. FedAuth cookie
is setup as Persistent cookie intermittently. Any insight on this intermittent behavior will be very helpful.

Hi moothi_na,
i hope this explanation can be help to understand
"The default behavior of SharePoint is to store this persistent cookie on the user’s disk, with fixed expiration date"
as Inderjeet Singh Jaggi posted before, you may need to set addtitional requirements steps to fix this expiration date as you need.
http://blogs.technet.com/b/speschka/archive/2010/08/09/setting-the-login-token-expiration-correctly-for-sharepoint-2010-saml-claims-users.aspx
http://msdn.microsoft.com/en-us/library/hh446526.aspx
Regards,
Aries
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

FedAuth cookie expiration ADFS in SharePoint 2010

I have the follow situation: TokenLifetime on ADFS STS for SharePoint setted for 10 hours and the LogonTokenCacheExpirationWindow on SharePoint setted to 1 minute.
But I see from time to time that after 2 hour user may be redirected to ADFS STS. We have NLB on our solution, may be SPTokenCache not adopted to work with NLB? The Affinity on the NLB Servers is set with single. We have users
randomly be redirected back to a login page. We make use of Persistent cookies.
Sometimes the users end up in an authentication loop that causes ADFS to halt the request because of a perceived denial of service (DOS) attack, as the note states.
If i look at a trace of the activity, i see SharePoint setting the fedauth cookie has an expired value, and start making the requests again to ADFS, which then, for reasons which are still unclear to me, either won’t issue
you a non-expired cookie, or SharePoint looks at and transforms it to an expired cookie. That’s what kicks off that DOS cycle I described above.
I don't get it because i USE SINGLE AFFINITY WITH WINDOWS LOAD BALANCER! Please help :(
jtjscholten

Hi jtjscholten,
Before sending a new FEDAUTH cookie back to the user’s browser, SharePoint calculates the expiration of the cookie with the following formula:
SAML Token Lifetime – Logon Token Cache Expiration Window
For example, if ADFS sets the SAML Token Lifetime to 10 minutes and Logon Token Cache Expiration Window is set in the STS as 2 minutes then the overall SharePoint session lifespan is 8 minutes.
And if (TokenLifeTime - LogonTokenCacheExpirationWindow) =< 0 then you get a loop.
For your issue, please take steps as below:
Try below command on ADFS server:
Add-PSSnapin Microsoft.ADFS.PowerShell
Set-AdfsRelyingPartyTrust –TargetName "[ourrelayingpartytrustreference]" –TokenLifeTime 10
Stop and start the ADFS server(do not restart it. Manually stop and start it)
Then run below command on sharepoint server
$sts = Get-SPSecurityTokenServiceConfig
$sts.LogonTokenCacheExpirationWindow = (New-Timespan -Minutes 1)
$sts.Update()
iisreset
Reference:
http://social.technet.microsoft.com/Forums/en-US/f8d0fa27-2044-47c1-8dbd-0cf6dfb49942/fedauth-cookie-intermittently-set-as-persistent-cookie?forum=sharepointadmin
http://msdn.microsoft.com/en-us/library/hh147183.aspx
http://technet.microsoft.com/en-us/library/jj219795(v=office.15).aspx
Best Regards,
Eric
Eric Tao
TechNet Community Support

Trying to sign in to itunes store via windows xp...get to id and pwd and then it says "This Apple ID has not yet been used with the itunes store...please review acct. info" Well how can I use it if you don't let me log in!?

Tyring to sign in to iTunes store viz windows XP...I get to entering my ID and PWD and then the message pops up "This Apple ID has not yet been used with the iTunes store...please review acct. info." HELP! I have cleared DNS, checked proper date & time and deleted SC folder from programs like support suggested--all to no avail.

The first part of the error is true - I haven't used the AppleID with the iTunes store.
Try here > Using an existing Apple ID with the iTunes Store and Mac App Store
received the upgrade code using this same AppleID, so I don't think I can use a different AppleID.
Correct.
It's clearly not a cookie issue..
As for cookies. Quit the App Store. Now open the Finder. From the Finder menu bar click Go > Go to Folder.
Type this exactly as you see it here: ~/Library/Cookies
Click Go the move the com.apple.appstore.plist file from the Cookies folder to the Trash.
Relaunch the App Store.

Could not retrieve the document with the passed obsolete token.

Hi,
Issue is with the specific report not able to execute when the query is cancelled and getting an error when you are cancelling an already executing query.
Receiving an error message during running one of our report in the
following way:
- Run the Webi report
- Select the value for 8 prompts
- Click on cancel
- try to re-run by clicking on re-fresh and receive an error message.
The error message is the following:
"Could not retrieve the document with the passed obsolete token (Error: RWI 00323) (Error: INF)"
Till now we have made the following changes:
This might be caused by a storage token that identifies a document state, which is no longer available in the storage tokens stack.
In the webi.properties file, increased the value of storage tokens stack size.
1. Edit the webi.properties file found in the following location:
u2022 <Installed dir>\program files\businessobjects\BOenterprise115\Web services\en\dsws_webservice_boe\data\asemble\dsewsBobjJava\src\WEB-INF\classes\webi.properties.
2. Add or change the following variables:
u2022 WID_FAILOVER_SIZE (This sets the maximum number of tokens to keep in memory. It is 10 by default.)
u2022 WID_STORAGE_TOKEN_STACK_SIZE (this sets the maximum number of tokens stored on disk. It is 10 by default.)
u2022 Deleted cookies.
u2022 Add the Java Runtime Parameter value from following path:
Start - > Control Panel-> Java -> Java Applet Runtime Settings
Click on View.
Add the Java runtime Parameter value: Xmx200.
It is not a machine specific issue however it is intermittent.
Please advice.
Regards,
Pradnya Kokil

Hi Pradnya,
Following solutions might help you to resolve the issue.
Solution1:
To achieve optimum performance, the developer should limit the number of new windows that can be opened using the OpenDocument function, particularly if using it within the drill function.
If you must open a new window each time, you can increase the number of document instances available on the system by modifying parameters in the webi.properties file:
1. On the Business Objects server, navigate to the following directory:
C:\Program Files\Business Objects\Tomcat\webapps\businessobjects\enterprise115\desktoplaunch\WEB-INF\classes
2. Open the webi.properties file using a text editor.
3. Uncomment the FAILOVER_SIZE=10 line by removing the # from the beginning of the line.
4. After FAILOVER_SIZE, add the following:
STORAGE_TOKEN_STACK_SIZE=40
5. Save the file.
6. Restart the application server
Solution2:
Do not use Control Key + N or File New from Browser for invoking new instance of Browser
Avoid opening Infoview by Hyperlinks.
Alternatively, by setting logontoken.enabled property in web.xml for desktop.war, will stop users allowing using old token
Locate web.xml file in desktop.war file deployed on your application server
Locate the following string in web.xml:<param-name>logontoken.enabled</param-name>
Change the <param-value> for logontoken.enabled from true to false (forexample, <param-value>false</param-value>)
Save and close the file
Restart the web application server to apply the changes
Regards,
Sarbhjeet Kaur

MYSAPSSO2 Cookie not found in IE

Hi Everyone,
I am trying to implement SSO between a third party Java application and the SAP EP 7.0. As a test procedure, I log in to my portal and then run my code to see if I can retrieve and decrypt the MYSAPSSO2 cookie.
My code works perfectly when I log in to the portal using Mozilla Firefox (2.0.0.1); I can see the MYSAPSSO2 cookie and decrypt it (Log file output below). However, when I use IE (6.0.3790.1830) to log in to the portal, I can not retrieve the MYSAPSSO2 cookie. It seems as if this cookie does not even exists. I am thinking the cookie is somehow hidden and therefore my code can't see it.
Has anyone faced this issue before? I have tried to decrease the security settings on IE but that doesn't help things. Any help on this issue would be really appreciated!
Pasted below is a snippet of my code.
//request is a HttpServletRequest object
Cookie[] allCookies = request.getCookies();
 int allCookiesLength = allCookies.length;
 for (int i = 0 ; i<allCookiesLength; i++)
 Log.debug("Cookie Name at " + i + " = " + allCookies.getName());
 if(allCookies.getName().compareToIgnoreCase("MYSAPSSO2")==0)
 SAP_SSO_COOKIE = allCookies;
 Log.debug("Cookie Found!");
 cookieFound = true;
 break;
 Log.debug("Cookie NOT Found!");
 cookieFound = false;
Log file Output with IE
2007.02.07 13:05:31 Cookie Name at 1 = saplb_*
2007.02.07 13:05:31 Cookie Name at 2 = JSESSIONID
2007.02.07 13:05:31 Cookie NOT Found!
Log file Output with Firefox
2007.02.07 13:54:15 Cookie Name at 0 = saplb_*
2007.02.07 13:54:15 Cookie Name at 1 = PortalAlias
2007.02.07 13:54:15 Cookie Name at 2 = JSESSIONID
2007.02.07 13:54:15 Cookie Name at 3 = MYSAPSSO2
2007.02.07 13:54:15 Cookie Found!
Thanks
MOY

Michael,
I changed the parameter "httponlycookie" to FALSE and this works. My issue was that when I set the parameter to FALSE, I restarted my J2EE engine. For some odd reason, after the restart this parameter was set back to TRUE. Whats even worse, or maybe even cool, depends how you look at it, is that this parameter is set back to TRUE even if I closed down Visual Admin and fire it up again (without restarting the server). However, in this case SSO still works because the J2EE settings are not updated with this TRUE value. Is there a security setting which sets back this parameter to TRUE every time the server is restarted or when Visual Admin is fired up?
Thanks
MOY

I can not login to a certain account due to an error stating cookie not enabled, however my 3rd party cookies are enabled. How do I correct this?

I can not login to a certain account due to an error stating cookie not enabled, however my 3rd party cookies are enabled. How do I correct this?

COOKIE_DOMAIN=.hackers
I think this is the problem. .hackers is no valid cookie domain. You have to use something like:
.xy.ab
(two points)
I fear it is not possible to correct this easiely. First change the hostname to something allowed e.g. hackers.com
Then open an ldap browser and edit ou=iplanetamplatformservice,ou=services,dc=hackers
There is an entry with an xml. Copy the xml to an editor, search for .hackers, change it to a valid domainname.
Im not sure if a restart of the webserver is necessary here.
Another idea: You could also try to set the cookie domain to solnce.hackers, maybe this is accepted, even if it is not a cookie domain. But I dont know if this works...
hth
Chris

I cannot open my Yahoo Mail but everything else is OK. When I click Yahoo Mail Icon, I get this error message "Safari Cannot open this page. Safari can not establish secure connection with Yahoo Mail.

I cannot open my Yahoo Mail but everything else is OK. When I click Yahoo Mail Icon, I get this error message "Safari Cannot open this page. Safari can not establish secure connection with Yahoo Mail.

It sounds as though a script on the site, or an advertisement, is not working quite right...
When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
(1) Bypass Firefox's Cache
Use Ctrl+Shift+r to reload the page fresh from the server.
(You also can clear Firefox's cache completely using:
orange Firefox button ''or'' Tools menu > Options > Advanced
On the Network mini-tab > Cached Web Content : "Clear Now")
(2) Remove the site's cookies using either of these. Save any pending work first.
While viewing a page on the site:
* right-click and choose View Page Info > Security > "View Cookies"
* Alt+t (open the classic Tools menu) > Page Info > Security > "View Cookies"
Then try reloading the page. Does that help?

Why are cookies not deleted when I close Firefox?

Hey,
My problem is that I set Tools / Options / Privacy / History to "Use custom settings for history", and then under cookies I set Keep until: to "I close Firefox".
Yet, when I close my browser and restart none of the cookies are deleted. If I save my tabs, I stay logged in on the websites that are open on the saved tabs. But even if I close the website, and then quit. And then reopen the website after launching Firefox again, I am still logged in. Whereas Firefox is set not to remember any of my usernames or passwords, so the only way this can happen is via cookies. Therefore, the cookies are not deleted. But I can also see it in the list of cookies: it's full of old stuff.
So why are cookies not deleted despite this setting?
Firefox has beeen pretty soft on privacy lately, and frankly I don't understand why. The possibility to have history older than X days automatically deleted has also been gone for a long time, and now this cookie setting doesn't work, either.

Hi madperson,
I turned this setting on a long time ago. Basically, it's one of the first things I do after installing my OS and Firefox. So there shouldn't be so many old cookies there.
But anyways, just now I deleted all the cookies manually via Tools / Options / Privacy / Show Cookies / Remove All Cookies to be sure that all the old stuff is wiped out. And yet it still doesn't work.
I logged in to my Gmail account (the Remember Me box ain't checked), closed the tab containing my Gmail account and then closed Firefox. After that I verified in the Task Manager that firefox.exe is indeed not running anymore. So Firefox definitely shut down properly. Then, I restarted Firefox and opened a tab, entered gmail.com, and I was still logged in, therefore the cookies were not deleted.
I have the 10.1.101.000 version of ZoneAlarm, which as it turns out after googling it is indeed not the latest version (it was released in March 2012). The ZoneAlarm Firefox add-on that automatically comes with the firewall is disabled in Firefox.

Firefox is not saving history even with remember history preference turned on.

Firefox is not saving history even with remember history preference turned on. I have tried reinstalling Firefox but this has not solved the issue. Any help with this is greatly appreciated.

* Make sure that you do not use [[Clear Recent History]] to clear the Browsing History.
* Make sure that the History is set to at least 1 day: Firefox > Preferences > Privacy > History: "Remember visited pages for at least"
* Make sure that you do not run Firefox in Private Browsing mode (Tools > Stop Private Browsing is grayed, see [[Private Browsing]])
* To see History and Cookie settings in Firefox > Preferences > Privacy, choose the setting "Firefox will: Use custom settings for history"
You can look at these prefs on the about:config page to make sure that you keep history.
*http://kb.mozillazine.org/browser.history_expire_days (180) (also affects saved form data)
*http://kb.mozillazine.org/browser.history_expire_days_min (90)

Cookie not being writtern

hi there,
I am having a hard time debugging this simple issue. I tired all my brain and luck but didn't move a bit. Here is my code to write a cookie.
String iCart = "test";
out.println(iCart);
Cookie cookie = new Cookie("iCart",iCart);
cookie.setDomain(".mydomain.com");
cookie.setPath("/");
response.addCookie (cookie); After writing this cookie, If I go to firefox -> tools -> options -> privacy -> cookie -> show all cookies.
I do not see my cookie being written here. Even I wrote a jsp to read all cookie and print. Still I can not see above cookie. here is my code to read the cookie on another JSP page. it brings back all other cookies not the above one.
Cookie cookies[] = request.getCookies ();
 Cookie myCookie = null;
 if (cookies != null)
 %>
 <table border="1" cellpadding="1" cellspacing="1">
 <tr><td>Name</td><td>Value</td></tr>
 <%
 for (int i = 0; i < cookies.length; i++)
 %>
 <tr>
 <td><%=cookies.getName()%></td><td><%=cookies[i].getValue()%></td>
</tr>
<%
 %>
</table>
 <%
 %>

After the lines you have imported the library for your jsp, use your code without printing any thing with out.println or without printing any html tag.
String iCart = "test";
Cookie cookie = new Cookie("iCart",iCart);
cookie.setDomain(".mydomain.com");
cookie.setPath("/");
response.addCookie (cookie);The following are text copied from this link:
http://www.jguru.com/faq/view.jsp?EID=762
Setting cookies from within a JSP page is similar to the way they are done within servlets. For example, the following scriptlet sets a cookie "mycookie" at the client:
<%
Cookie mycookie = new Cookie("aName","aValue");
response.addCookie(mycookie);
%>
Typically, cookies are set at the beginning of a JSP page, as they are sent out as part of the HTTP headers.
Edited by: evilknighthk on Mar 18, 2008 2:25 AM

Shared cookie not deleted from browser

I have two applications running on sbs.bnb.com and sts.bnb.com, I created a cookie with domain .bnb.com name so that it is accessible in both domains, cookie accessing is working fine in both the domains
In logout functionality, i set the cookie max age to 0, still cookie not deleting from browser.
here is the cookie creation and delete logics
cookie creation logic
Cookie token = new Cookie("TOKEN", "12XZCXZC");
token.setDomain(".bnb.com");
token.setMaxAge(-1);
token.setPath("/");
response.addCookie(token);
logic to delete cookie
token.setMaxAge(0);
token.setPath("/");
response.addCookie(token);
still shared cookie not deleted from browser, why?

Try this: create a new cookie with the same name, value, domain and path of the old cookie. Set the maxage of that new cookie to 0 and then add the cookie to the response. I found that as the last response in this thread, perhaps it works:
[the url I ripped this suggestion from|http://www.jguru.com/faq/view.jsp?EID=42225]

FedAuth cookie not geneatred in SP2013 with SiteMinder as Trusted Identity Provider

Similar Messages

Maybe you are looking for