Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10211

Release notes should point to KBA a73027813 to address issues introduced with the new cookie processor in Tomcat 8.5 and later

    Details

      Description

      The following KBA addresses a change to the cookie processor in Tomcat 8.5 and later which prevents OpenAM Login page from loading and causes failures with ssoadm.

      Login page does not load or ssoadm fails in OpenAM 12.x or 13.x running on Apache Tomcat 8.5 or 9
      https://backstage.forgerock.com/knowledge/kb/article/a73027813

      Cause:
      Tomcat now enforces stricter checking for valid cookie domain values per RFC 1034 and RFC 6265. In Tomcat 8.0.x, a leading dot was required for cookie domains, whereas this is no longer permitted in 8.5 and later.

      Many of our customers and support engineers have faced this issue. The feedback we've received is that, this is important KBA and it would be very beneficial if the Release Notes would also point to it.

      The article contains Related Issue Tracker IDs:

      OPENAM-8668 (Fresh install of OpenAM doesn't load the login page on some Tomcat versions)

      OPENAM-1983 (Configuration fail with second level FQDN like "example.com")

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                austingene Gene Hirayama
                Reporter:
                salbertelli01 sheila albertelli
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: