In a scenario where you have a TSPS HA setup with:
and a Load Balancer using a hostname of:
When logging into the active node of TSPS, there is no problem.
If attempting to login via the URL using the LB hostname, you receive an error:
Forbidden request! Goto url should be aligned with a RSSO cookie domain.
Login to the Remedy SSO Admin console, and verify the cookie domain setting.
With the above example, if the cookie domain is set to servers.company.com, then it would fail for the load balancer, because that host is in the intranet.company.com subdomain.
In such a scenario, change the cookie domain to just company.com, so that it is applicable to both subdomains.