  1. OpenAM
  2. OPENAM-11646

Cookie values wrapped in double quotes

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 14.0.0, 14.1.0, 14.1.1
    • Fix Version/s: 14.5.0
    • Component/s: session
    • Labels:
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      After logging in with OOTB AM interface, iPlanetDirectoryPro cookie value is wrapped in double quotes. Application logic calling AM REST APIs fails when the SSO token contains double quotes. Prior versions of OpenAM did not wrap the cookie value in double quotes.

      How to reproduce the issue

      Log into both OpenAM 13.x and OpenAM 14.x that has a simple web application protected by the web agent.

      1. AM 13.x ... Access protected web app, login via OOTB AM interface ... notice that cookie does not have double quotes around it.
      2. AM 14.x ... Access protected web app, login via OOTB AM interface ... notice that cookie does have double quotes around it.

      Expected behaviour

      No double quotes around cookie value

      Current behaviour

      Contains double quotes around cookie value

      Work around

      Modify application logic to check cookie value for double quotes and remove them. This is only necessary when the cookie value is used for things other than setting a cookie.

      Code analysis

          Activity
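
One way to apply the workaround from the description in application code, as an added example that is not part of the original report or of OpenAM: it removes exactly one pair of enclosing double quotes from the iPlanetDirectoryPro cookie value and rejects anything that is not a valid RFC 6265 cookie value before the token is reused. The function names, the sample token and passing the token in a request header named after the cookie are assumptions made for the example.

```python
import re

COOKIE_NAME = "iPlanetDirectoryPro"  # cookie name from the report

# RFC 6265 cookie-octet: printable US-ASCII except space, DQUOTE, comma,
# semicolon and backslash.
_COOKIE_OCTETS = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+")


def unwrap_cookie_value(raw):
    """Return the cookie value without one pair of enclosing double quotes."""
    value = raw.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    # Unbalanced or nested quotes, empty values and control characters are
    # rejected rather than repaired: the result is copied into a header.
    if not _COOKIE_OCTETS.fullmatch(value):
        raise ValueError("cookie value is empty or not a valid RFC 6265 value")
    return value


def sso_token_from_cookie_header(header, name=COOKIE_NAME):
    """Extract the named cookie from a Cookie request header and unwrap it."""
    for pair in header.split(";"):
        key, sep, raw = pair.strip().partition("=")
        if sep and key == name:
            return unwrap_cookie_value(raw)
    return None


def rest_headers(cookie_header):
    """Build headers for a REST call that carries the unwrapped token."""
    token = sso_token_from_cookie_header(cookie_header)
    if token is None:
        raise LookupError("no %s cookie in request" % COOKIE_NAME)
    # Assumption: the REST call takes the token in a header named after the cookie.
    return {COOKIE_NAME: token, "Accept": "application/json"}


if __name__ == "__main__":
    # Constructed sample headers: unquoted (13.x style) and quoted (14.x style).
    for sample in ('amlbcookie=01; iPlanetDirectoryPro=AQIC5wEXAMPLE.*AAJTSQ.*',
                   'amlbcookie=01; iPlanetDirectoryPro="AQIC5wEXAMPLE.*AAJTSQ.*"'):
        print(rest_headers(sample)[COOKIE_NAME])
```

Both sample headers yield the same token, so the same application code works against versions that quote the cookie value and versions that do not.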

            People

            • Assignee:
              phil.ostler Phil Ostler [X] (Inactive)
              Reporter:
              sfehrman Scott Fehrman