SSO between MWS (Portlet) and IS

I followed the steps published in the Technical Note to use SAML authentication for SSO between MWS and IS and it worked well after a few server bounces and “killing” MWS sessions already open on the IS (which somehow does not look like a clean way of doing things). However, it does not seem to be consistent because it stops working with “Access Denied” exception after a while. I even got a new user added in external Database configured as a Directory Service to be able to authenticate, but after a while this too stops working.

My observation was that since my Designer was configured to auto deploy CAF portlet app to MWS upon any change (even if the change was in a different portlet altogether but part of the same portlet app), this may actually affect things(?).

Has anyone had a similar issue/ experience? If so, how did you get around it?

Thanks - Raj

Did you give the AuthenticationMethods in portlet which is 3 so that it uses SAML authentication