I have a custom STS built with WIF 3.5. I have 2 relying parties on the same server. The config follows:
RP1:
<audienceUris mode="Always">
<clear />
<add value="https://server1:1843/RP1/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://server2:1743/" realm="https://server1:1843/RP1/" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
RP2:
<audienceUris mode="Always">
<clear />
<add value="https://server1:1643/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://server2:1743/" realm="https://server1:1643/" requireHttps="true" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
With this config everything works as expected. If I log into RP1 and then browse to RP2, I get redirected to the STS on server2. However, if I change the config for RP1 as follows:
<cookieHandler requireSsl="true" path="/" />
after logging into RP1, when I browse to RP2 I am not redirected to the STS on server2 and I can access RP2.
Why would this configuration in RP1 allow or deny access to RP2?
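The observed behaviour hinges on how a browser scopes cookies: a cookie is matched by host and path, and the port is not part of that scope (RFC 6265), so on server1 the Path attribute is the only thing keeping RP1's session cookie away from RP2 on port 1643. The following is an added example, not code from the question, that uses Python's http.cookiejar as a stand-in for the browser with the question's URLs; the cookie name FedAuth is WIF's default session cookie name, and the token value is a constructed placeholder.

```python
# Added example: simulate browser cookie scoping for the two RPs in the question.
# Cookie name "FedAuth" is WIF's default; the token value is a constructed placeholder.
import email.message
import http.cookiejar
import urllib.request

RP1_SIGNIN_URL = "https://server1:1843/RP1/"   # where RP1 sets its session cookie
RP2_URL = "https://server1:1643/"              # same host, different port (RP2)
COOKIE_VALUE = "constructed-session-token"     # placeholder, not a real token


class _FakeResponse:
    """Minimal response stand-in: CookieJar.extract_cookies only needs .info()."""

    def __init__(self, set_cookie_header):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie_header

    def info(self):
        return self._headers


def cookie_sent_to(cookie_path, target_url):
    """Set a FedAuth cookie at RP1 with the given Path attribute, then report
    the Cookie header a later request to target_url would carry (None if the
    cookie is out of scope for that URL)."""
    jar = http.cookiejar.CookieJar()  # default policy: host + path match, port ignored
    set_cookie = f"FedAuth={COOKIE_VALUE}; path={cookie_path}; secure; HttpOnly"
    jar.extract_cookies(_FakeResponse(set_cookie), urllib.request.Request(RP1_SIGNIN_URL))
    later_request = urllib.request.Request(target_url)
    jar.add_cookie_header(later_request)  # adds Cookie: only when scope matches
    return later_request.get_header("Cookie")


def leaks_to_rp2(cookie_path):
    """True when RP1's session cookie would be presented to RP2."""
    return cookie_sent_to(cookie_path, RP2_URL) is not None


if __name__ == "__main__":
    # RP1's own application path vs. the path="/" from the changed config
    for path in ("/RP1/", "/"):
        print(f"path={path!r:8} sent to RP2? {leaks_to_rp2(path)}")
```

With Path=/RP1/ the cookie stays with RP1; with Path=/ the same cookie is presented to RP2, whose session module on the same server can read it, so RP2 never needs to send the browser back to the STS.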