  1. OpenAM Agents
  2. AMAGENTS-1028

Cookie domain list does not work for C agent



    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s:
    • Fix Version/s:
    • Component/s: Web Agents
    • Labels:
    • Environment:
      JASPA: Tomcat / 5.0.0-SNAPSHOT / 20170901
      C Agent: Apache Server 2.4.x 64bit, 5.0.0-SNAPSHOT, Sep 4 2017 16:27:42


      Agent 5 is always running in CDSSO mode, compared to agent 4, where CDSSO had to be enabled. It was also necessary to set the cookie domain list.

      • C Agent: com.sun.identity.agents.config.cdsso.cookie.domain
      • JASPA: com.sun.identity.agents.config.cdsso.domain

      For agent 5 it is not necessary to set the cookie domain list. In my example I am using one AM and 2 PAs.

      • PA 1: fqdn=riso-ubuntu14.test.forgerock.com
      • PA 2: fqdn=riso-ubuntu16.test.rck.me

      If I hit PA 1, I am redirected to the login page; after login I got an iPDP cookie with the SSO token and an iPDP cookie with the OIDC token under cookie domain = PA 1 fqdn. After that I hit PA 2 and a new iPDP cookie (OIDC) was created with cookie domain = PA 2 fqdn. (The cookie was created automatically and the user does not need to log in again.) Both cookies have different values, but use the same session. This behaviour is the same for WPA and JASPA.

      Agent 5 using the cookie domain list

      I set the following cookie domains for all agent profiles:

      • .test.rck.me
      • .test.forgerock.com

      C Agent
      It seems that the cookie domains property is ignored, because cookies are created in the same way as described above (as if the CDSSO cookie domain list were not set). I can only see that, if I hit PA 2, it tries to delete cookies from this list (see picture).

      JASPA Agent
      When the agent is on the "CDSSO Redirect URI" (/frqa/sunwCDSSORedirectURI), it tries to create cookies for both domains; the fqdn is not used for the OIDC token as above, but the cookie domains specified in the list. Only one cookie is ever created (for the domain which is hit), because the browser does not allow a cookie to be created under a different domain. In this case I cannot see any cookie reset like there was for the C agent.


      C agent 5 should create cookies for all domains set in the cookie domain list and keep the same functionality as JASPA 5 and C Agent 4.





              nick.james Nicholas James
              richard.hruza Richard Hruza
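
Added example (not part of the original report and not the agent's own code): the browser-side domain-match rule from RFC 6265 section 5.1.3, applied to the two PA hosts and the cookie domain list from the report, showing why only the cookie for the domain being hit is stored. The function names are assumptions made for this illustration, and public-suffix rejection is not modelled.

```javascript
// Added example: how a browser decides whether to keep a Set-Cookie header
// whose Domain attribute comes from the agent's cookie domain list.

// Canonicalise a Domain attribute: lower-case, drop one leading dot (RFC 6265 5.2.3).
function normalizeDomain(attr) {
  const d = attr.trim().toLowerCase();
  return d.startsWith('.') ? d.slice(1) : d;
}

// Rough IP-literal check: suffix matching must never apply to IP addresses.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// True when the request host domain-matches the cookie domain (RFC 6265 5.1.3).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = normalizeDomain(cookieDomain);
  if (d === '') return false;
  if (h === d) return true;
  // The suffix must start at a label boundary, hence the leading dot.
  return !isIpLiteral(h) && h.endsWith('.' + d);
}

// Split the configured list into domains the browser stores and domains it
// silently drops for a response served by requestHost (RFC 6265 5.3, step 6).
function storedCookieDomains(requestHost, domainList) {
  const stored = [];
  const rejected = [];
  for (const domain of domainList) {
    (domainMatches(requestHost, domain) ? stored : rejected).push(domain);
  }
  return { stored, rejected };
}

// Values taken from the report: the two agent hosts and the domain list.
const DOMAIN_LIST = ['.test.rck.me', '.test.forgerock.com'];
const PA1 = 'riso-ubuntu14.test.forgerock.com';
const PA2 = 'riso-ubuntu16.test.rck.me';

for (const host of [PA1, PA2]) {
  const { stored, rejected } = storedCookieDomains(host, DOMAIN_LIST);
  console.log(`${host}: stored=${stored.join(',')} rejected=${rejected.join(',')}`);
}
```
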