asked on August 21

Good afternoon, 

I've reviewed available documentation and I'm not finding much regarding the WebSTS version 12 Cookie Protection configuration requirements.

We have a scenario where we have a WebSTS (STS1) on an LFWeb server where components like Forms and Web Client are installed and a WebSTS (STS2) on an LFApp server where components like LFDS and LFS are installed.

Originally, we configured the STS1 and STS2 endpoint utilities with the Cookie Protection > Cookie Handler configured to "Encrypt for multiple STS instances". What we are finding is that, with them configured this way, when users attempt to sign into the web components they are redirected back to the sign-in page. If the Cookie Protection > Cookie Handler is configured to "No Encryption" or "Encrypt for Single STS instance", sign-in works as expected, redirecting to the Laserfiche repository.

It's my understanding that when multiple STS instances is configured, a shared key for encrypting cookies would be used. Set to a single STS instance, it uses its own key. But I'm not finding much on how this key is shared, if there are any additional comms that need to be open between STS1 and STS2 for this configuration, etc.

Hoping someone here may be able to provide some guidance!
