login-token Cookie is not getting added into subsequent requests by browser



I am trying to integrate AEM with SAML. We are currently using a different IDP (call it IDP-OLD) and moving to a new IDP (IDP-NEW).

While integrating with IDP-OLD, the SAML Assertion Consumption URL was /content/saml_login. This servlet created a cookie, login-token, which is HttpOnly and Secure. This cookie was sent back in all the remaining requests by the browser, and AEM identified the token and considered the user as logged in.

While testing with the IDP-NEW system, when the IDP sends the SAML assertion to /saml_login, the same login-token cookie is generated, which is HttpOnly and Secure.

Unfortunately, this login-token cookie is not sent back by the browser in the subsequent requests, which makes AEM think that the user is not logged in.

Both servers are HTTPS and secure.

Can anyone help me figure out what could be the issue here?

Accepted Solutions (0)

Answers (2)



Unfortunately it was a very silly mistake. The assertion consumption URL was for a different domain while the cookie was required on a different domain.
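
The domain mismatch described in the answer above, as an added example that is not part of the original thread: a simplified model of the RFC 6265 checks a browser applies before attaching a cookie to a request. The hostnames and token value used with it are constructed placeholders, and SameSite and public-suffix handling are left out.

```javascript
// Added example: simplified RFC 6265 cookie matching (no SameSite, no public-suffix list).

// Extract the attributes of a Set-Cookie header value that decide where it is sent.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(';').map(s => s.trim());
  const cookie = { name: nameValue.split('=')[0], domain: null, path: null, secure: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'domain') cookie.domain = v.trim().replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = v.trim();
    else if (key === 'secure') cookie.secure = true;
  }
  return cookie;
}

// RFC 6265 5.1.3: identical host, or host is a subdomain of the cookie domain.
const domainMatch = (host, domain) => host === domain || host.endsWith('.' + domain);

// RFC 6265 5.1.4: request path equals the cookie path or lies below it.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Would a cookie set by the response from setByUrl be attached to requestUrl?
function wouldSend(setByUrl, setCookieHeader, requestUrl) {
  const setBy = new URL(setByUrl), req = new URL(requestUrl);
  const c = parseSetCookie(setCookieHeader);
  // A response can only set a cookie for its own host or a parent domain.
  if (c.domain && !domainMatch(setBy.hostname, c.domain))
    return { sent: false, reason: 'rejected at set time: Domain does not cover the setting host' };
  // Without a Domain attribute the cookie is host-only: exact host match required.
  const hostOk = c.domain ? domainMatch(req.hostname, c.domain) : req.hostname === setBy.hostname;
  if (!hostOk) return { sent: false, reason: 'request host is outside the cookie domain' };
  if (c.secure && req.protocol !== 'https:')
    return { sent: false, reason: 'Secure cookie on a non-HTTPS request' };
  // Default path (no Path attribute): directory of the URL that set the cookie.
  const cut = setBy.pathname.lastIndexOf('/');
  const cookiePath = c.path || (cut > 0 ? setBy.pathname.slice(0, cut) : '/');
  if (!pathMatch(req.pathname, cookiePath)) return { sent: false, reason: 'path mismatch' };
  return { sent: true, reason: 'host, scheme and path all match' };
}
```

Calling `wouldSend` with the assertion consumption URL, the `Set-Cookie` value copied from the browser's network trace, and the URL of a later AEM page request shows which check drops the cookie.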