OpenAM / OPENAM-15681

DOCS: Quick start guide suggests changing the cookie domain to .example.com, which breaks AM when using Tomcat 8.5+


      Description

      The Quick Start Guide for AM 6.5 still suggests adjusting the cookie domain from .openam.example.com to .example.com here: https://backstage.forgerock.com/docs/am/6.5/quick-start-guide/#adjust-the-cookie-domain.

      Current users are likely to use the latest Tomcat versions, for which the change will break AM.

      See https://bugster.forgerock.org/jira/browse/OPENAM-10211 and https://backstage.forgerock.com/knowledge/kb/article/a73027813

      See comment: 

      Tomcat enforces stricter checking for valid cookie domain values per RFC 1034 and RFC 6265. In Tomcat 8.0.x, a leading dot was required for cookie domains, whereas this is no longer permitted in 8.5 and later.

      Furthermore, long cookie domains can be kept as the latest web agents use OAuth2 and will be able to set the cookie on their own domain out of the box (no need to set up CDSSO anymore).
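
The syntax rule quoted above can be checked before a cookie domain is entered in AM. The following Python check is an added example, not ForgeRock or Tomcat code; the function names and sample values are assumptions, and the label rule is the standard letter/digit/hyphen host name syntax rather than a copy of Tomcat's validator.

```python
import re

# Host name label: starts and ends with a letter or digit, hyphens only
# in the interior, at most 63 characters.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def cookie_domain_problems(domain):
    """Return the reasons a cookie domain fails strict host name syntax."""
    if not domain:
        return ["empty value"]
    problems = []
    if domain.startswith("."):
        # The case from this issue: rejected by Tomcat 8.5 and later.
        problems.append("leading dot")
    if domain.endswith("."):
        problems.append("trailing dot")
    if len(domain) > 253:
        problems.append("longer than 253 characters")
    for label in domain.strip(".").split("."):
        if not _LABEL.fullmatch(label):
            problems.append("invalid label %r" % label)
    return problems


def domain_matches(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match for host names (not IP addresses)."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def audit(host, candidates):
    """Map each candidate to (syntax problems, whether it covers the host)."""
    return {c: (cookie_domain_problems(c), domain_matches(host, c))
            for c in candidates}


if __name__ == "__main__":
    # Constructed sample values, based on the host names used in the guide.
    samples = [".example.com", "example.com", "openam.example.com",
               "-bad.example.com"]
    for value, (problems, covers) in audit("openam.example.com", samples).items():
        status = "ok" if not problems else "rejected: " + ", ".join(problems)
        print("%-20s %-28s covers host: %s" % (value, status, covers))
```
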

       


            People

            laetitia.ellison Laetitia Ellison [X] (Inactive)
            nathalie.hoet Nathalie Hoet