Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-1002

persistent cookie doesn't work for subrealm with different datastore than default realm

    XMLWordPrintable

    Details

    • Rank:
      1|hzn45z:

      Description

      preparation:
      1) create subrealm called "subrealm00"
      2) change datastore of subrealm00 to Active Directory
      NOTE: problem will reproduce without AD, but since AD uses CN and openDJ uses UID as RDN, the problem can be easily reproduced this way.

      3) set ignore profile under Authentication
      a. click [Access Control] tab -> select subrealm00
      b. click [Authentication] tab -> "All Core Settings ..." button
      c. set "User Profile : Ignored"
      d. click [Save] button
      4) turn persistent cookie on
      a. click [Access Control] tab -> select realm
      b. click [Authentication] tab -> "All Core Settings ..." button
      c. enable persistent cookie mode and provide maximum time
      Persistent Cookie Mode: Enabled
      Persistent Cookie Maximum Time: XXX seconds
      d. click "Save" button
      4) access login screen
      http://[localhost]:[port]/opensso/UI/Login?realm=subrealm00&iPSPCookie=yes
      5) after successful login, close the browser
      6) start another browser session and access protected URL
      6-repro) you will see authentication error

        Attachments

          Activity

            People

            sachiko Sachiko Wallace
            sachiko Sachiko Wallace
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: