WARNING: LdapSPValidator.validateAndGetRestriction: Invalid agent ID: http://stqa.as.com.sg:80/
Finally after much research, I found a link from Oracle. Not exactly the same deployment, but similar sympton.
The Web Proxy Agent 2.2-01 in Cross Domain Single Sign-on mode does not work with Access Manager 7.1 Patch . The agentRootURL requirement was added as a security measure to ensure that CDC is handing off ssotoken cookie to trusted agents running at known URLs.
- Go to Access Control > / (Top Level Realm) > Agents > 2.2 Agents > UrlAccessAgent
- Key in agentRootURL=http://stqa.as.com.sg:80/ to Agent Key Value(s).