Federation GUID cookie has expiration of only 3 minutes

Document ID:  TEC1504468
Last Modified Date:  07/05/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details


  • CA Single Sign-On


  • CA Single Sign-On:Release:12.52 SP1



We're running Federation with one of our partners. When the Service Provider generates an SAML 2.0 AuthnRequest over HTTP-POST and the user takes more than 3 minutes to complete the authentication process, the transaction fails with a 400 error. Why ? How can we fix this ?

Policy Server Version: 12.52 SP1 CR5 Policy Server OS: RHEL 6.8 SPS Version: 12.52 SP1 SPS OS: RHEL 6.8

For POST Authnrequest Bindings, we generate a persistent GUID cookie. By default, we set this cookie expiration time to 3 minutes. Once the expiration time has passed, we end up with an error.


This is fixed in Policy Server, Policy Store structure ( FedObjects.xdd, FssSmObjects.xdd ), Web Agent Option Pack and AdminUI 12.52SP1CR08. You have to upgrade all these components to get the functionality from this fix.

> Added new text field with name "GUID Cookie Validity Durartion (Seconds), in SAML2, IDP-SP Partnership, to provide value, when AuthnRequest POST Binding is selected. This value should be >=180 and <=9999.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255


Not what you were looking for?

Search Again >

Product Information

Support by Product >


Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile

  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing