Agent 5 always runs in CDSSO mode, compared to agent 4, where CDSSO had to be enabled. It was also necessary to set the cookie domain list.
- C Agent: com.sun.identity.agents.config.cdsso.cookie.domain
- JASPA: com.sun.identity.agents.config.cdsso.domain
For agent 5 it is not necessary to set the cookie domain list. In my example I am using one AM and 2 PAs.
- PA 1: fqdn=riso-ubuntu14.test.forgerock.com
- PA 2: fqdn=riso-ubuntu16.test.rck.me
If I hit PA 1, I am redirected to the login page. After login I get an iPDP cookie with the SSO token and an iPDP cookie with the OIDC token under cookie domain = PA 1 fqdn. After that I hit PA 2 and a new iPDP cookie (OIDC) was created with cookie domain = PA 2 fqdn. (The cookie was created automatically and the user does not need to log in again.) Both cookies have different values, but use the same session. This behaviour is the same for WPA and JASPA.
I set the following cookie domains for all agent profiles:
When the agent is on the "CDSSO Redirect URI" (/frqa/sunwCDSSORedirectURI), it tries to create cookies for both domains; it does not use the fqdn for the OIDC token as above, but the cookie domains specified in the list. Only one cookie is ever created (for the domain which is hit), because the browser does not allow a cookie to be created under a different domain. In this case I cannot see any cookie reset like there was for the C agent.
C agent 5 should create cookies for all domains set in the cookie domain list and keep the same functionality as JASPA 5 and C Agent 4.
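
The browser rule behind "only one cookie is created", as an added example that is not part of the original report and is not ForgeRock agent code: a `Set-Cookie` whose `Domain` attribute does not domain-match the responding host is discarded (RFC 6265, sections 5.1.3 and 5.3). The two host names are the PAs from the report; the cookie domain list is constructed, since the configured values are not shown, and all function names are hypothetical.

```javascript
// Constructed cookie domain list (assumption: one parent domain per PA).
const COOKIE_DOMAINS = [".test.forgerock.com", ".test.rck.me"];
const PA_HOSTS = ["riso-ubuntu14.test.forgerock.com", "riso-ubuntu16.test.rck.me"];

// IP literals never match a parent "domain", only themselves.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 5.2.3: ignore one leading dot and compare case-insensitively.
function canonicalDomainAttr(attr) {
  const d = attr.trim().toLowerCase();
  return d.startsWith(".") ? d.slice(1) : d;
}

// RFC 6265 5.1.3: identical, or host ends with "." + domain on a label boundary.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  if (h === domain) return true;
  return !isIpLiteral(h) && h.endsWith("." + domain);
}

// Split the Domain attributes an agent sends from requestHost into those a
// browser stores and those it drops. An empty Domain means a host-only
// cookie, which is always stored. Public-suffix rejection is not modelled.
function partitionSetCookieDomains(requestHost, domainAttrs) {
  const accepted = [];
  const rejected = [];
  for (const attr of domainAttrs) {
    const d = canonicalDomainAttr(attr);
    if (d === "" || domainMatch(requestHost, d)) accepted.push(attr);
    else rejected.push(attr);
  }
  return { accepted, rejected };
}

for (const host of PA_HOSTS) {
  const { accepted, rejected } = partitionSetCookieDomains(host, COOKIE_DOMAINS);
  console.log(`${host}: stored=${accepted.join(",")} dropped=${rejected.join(",")}`);
}
```
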