OpenAM Agents / AMAGENTS-1028

Cookie domain list does not work for C agent

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: 5.0.0.0
    • Component/s: Web Agents
    • Labels:
    • Environment:
      JASPA: Tomcat / 5.0.0-SNAPSHOT / 20170901
      C Agent: Apache Server 2.4.x 64bit, 5.0.0-SNAPSHOT, Sep 4 2017 16:27:42

      Description

      Agent 5 always runs in CDSSO mode, compared to agent 4, where CDSSO had to be enabled. It was also necessary to set the cookie domain list.

      • C Agent: com.sun.identity.agents.config.cdsso.cookie.domain
      • JASPA: com.sun.identity.agents.config.cdsso.domain

      For agent 5 it is not necessary to set the cookie domain list. In my example I am using one AM and 2 PAs.

      • PA 1: fqdn=riso-ubuntu14.test.forgerock.com
      • PA 2: fqdn=riso-ubuntu16.test.rck.me

      If I hit PA 1, I am redirected to the login page; after login I get an iPDP cookie with the SSO token and an iPDP cookie with the OIDC token under cookie domain = PA 1 fqdn. After that I hit PA 2 and a new iPDP cookie (OIDC) was created with cookie domain = PA 2 fqdn. (The cookie was created automatically and the user does not need to log in again.) Both cookies have different values, but use the same session. This behaviour is the same for WPA and JASPA.

      Agent 5 using the cookie domain list

      I set the following cookie domains for all agent profiles:

      • .test.rck.me
      • .test.forgerock.com

      C Agent
      It seems that the cookie domains property is ignored, because cookies are created in the same way as described above (as without setting the CDSSO cookie domain list). I can only see that, if I hit PA 2, it tries to delete cookies from this list (see picture).

      JASPA Agent
      When the agent is on the "CDSSO Redirect URI" (/frqa/sunwCDSSORedirectURI), it tries to create cookies for both domains; it does not use the fqdn for the OIDC token like above, but the cookie domains specified in the list. Only one cookie is ever created (for the domain which is hit), because the browser does not allow creating a cookie under a different domain. In this case I cannot see any cookie reset like there was for the C agent.

      Expected:

      C agent 5 should create cookies for all domains set in the cookie domain list and keep the same functionality as JASPA 5 and C Agent 4.
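
The browser-side filtering described in the report (only the cookie for the domain being hit is stored) follows from RFC 6265 domain matching. The sketch below is an added example, not part of the original report or the agent's code; the function names are hypothetical, hosts are assumed to be given without a port, and public-suffix checks that browsers also apply are not modelled.

```javascript
// Added example: RFC 6265 (section 5.1.3) domain matching, applied to the
// two PA hosts and the cookie domain list from this report.

// An IP-literal host may only match a cookie domain by exact equality.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// Normalise a configured cookie domain: lower-case and drop a leading dot
// (RFC 6265 section 5.2.3 ignores it).
function canonicalDomain(domain) {
  const d = domain.trim().toLowerCase();
  return d.startsWith(".") ? d.slice(1) : d;
}

// True when a browser visiting `requestHost` would accept Domain=`cookieDomain`.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = canonicalDomain(cookieDomain);
  if (dom === "") return false;
  if (host === dom) return true;
  // A suffix match must fall on a label boundary, and the host must not be an IP.
  return !isIpLiteral(host) && host.endsWith("." + dom);
}

// Split a configured list into domains the browser keeps and ones it drops.
function partitionCookieDomains(requestHost, domainList) {
  const accepted = [];
  const rejected = [];
  for (const d of domainList) {
    (domainMatches(requestHost, d) ? accepted : rejected).push(d);
  }
  return { accepted, rejected };
}

// Values taken from the report.
const domainList = [".test.rck.me", ".test.forgerock.com"];
const paHosts = ["riso-ubuntu14.test.forgerock.com", "riso-ubuntu16.test.rck.me"];
for (const host of paHosts) {
  const { accepted, rejected } = partitionCookieDomains(host, domainList);
  console.log(`${host}: accepted=${accepted.join(",")} rejected=${rejected.join(",")}`);
}
```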

              People

              Assignee:
              nick.james Nicholas James
              Reporter:
              richard.hruza Richard Hruza