Symptoms
The store is configured with the suffix, e.g. brandname.com/store, as well as control panel, e.g brandname.com/cp. The customers are not able to login to the control panel from the store. In the store.log an exception similiar to below can be seen:
[17-05-22 21:31:51.583 TEMPLATESTORE 0482597 NTE] ViewAccount::CurlPost : https://brandname.com/cp/servlet/Sessions
[17-05-22 21:31:51.977 TEMPLATESTORE 0482597 NTE] ViewAccount::CurlOpen result : <html><head><title>Apache Tomcat/7.0.55 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - ERROR:javax.servlet.ServletException: Can't login</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>ERROR:javax.servlet.ServletException: Can't login</u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.55</h3></body></html>
Cause
The issue is caused by the bug with id #POA-84709 ("SSO login to brand with access url (with suffix) doesn't work").
Resolution
Update branding_htaccess: change rewrite rule for brand from
RewriteRule ^servlet/Sessions(.*)$ http://1.3.2.1:8080/servlet/Sessions/referer/branding-70-mytestbrand000.com/$1 [P]
to
RewriteRule ^cp/servlet/Sessions(.*)$ http://1.3.2.1:8080/servlet/Sessions/referer/branding-70-mytestbrand000.com/$1 [P]
where cp is URL suffix.