OpenAM / OPENAM-15681

DOCS: Quick start guide suggests changing the cookie domain to .example.com, which breaks AM when using Tomcat 8.5+

    Details

      Description

      The Quick Start Guide for AM 6.5 still suggests adjusting the cookie domain from .openam.example.com to .example.com here: https://backstage.forgerock.com/docs/am/6.5/quick-start-guide/#adjust-the-cookie-domain.

      Current users are likely to use the latest Tomcat versions, for which the change will break AM.

      See https://bugster.forgerock.org/jira/browse/OPENAM-10211 and https://backstage.forgerock.com/knowledge/kb/article/a73027813

      See comment: 

      Tomcat enforces stricter checking for valid cookie domain values per RFC 1034 and RFC 6265. In Tomcat 8.0.x, a leading dot was required for cookie domains, whereas this is no longer permitted in 8.5 and later.

      Furthermore, long cookie domains can be kept as the latest web agents use OAuth2 and will be able to set the cookie on their own domain out of the box (no need to set up CDSSO anymore).
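
A pre-deployment check for the rule described in this issue, as an added example that is not part of the original issue and is not AM or Tomcat code: it validates a configured cookie domain against RFC 1034 label syntax and the leading-dot behaviour stated above. The function names and the (major, minor) version tuple are assumptions made for the example.

```python
import re

# RFC 1034 label: starts and ends with a letter or digit, hyphens only
# in between, at most 63 characters.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_cookie_domain(domain):
    """Return a list of problems with a cookie domain; empty list means OK."""
    if not domain:
        return ["empty cookie domain"]
    problems = []
    if domain.startswith("."):
        problems.append("leading dot")
    if len(domain) > 253:
        problems.append("longer than 253 characters")
    # Validate each label of the name that follows any leading dot.
    for label in domain.lstrip(".").split("."):
        if not _LABEL.fullmatch(label):
            problems.append("invalid label %r" % label)
    return problems


def usable_on(domain, tomcat_version):
    """Apply the version rule from the issue text.

    tomcat_version is a (major, minor) tuple (an assumption of this example).
    Versions below 8.0 are not covered by the issue and are rejected.
    """
    if tomcat_version < (8, 0):
        raise ValueError("behaviour before Tomcat 8.0 is not covered here")
    problems = check_cookie_domain(domain)
    if any(p != "leading dot" for p in problems):
        return False  # malformed regardless of container version
    if tomcat_version >= (8, 5):
        return "leading dot" not in problems  # 8.5+: leading dot not permitted
    return "leading dot" in problems  # 8.0.x: leading dot required (per the issue)


if __name__ == "__main__":
    # Constructed sample values taken from the domains named in the issue.
    for dom in (".example.com", "openam.example.com", ".openam.example.com"):
        for ver in ((8, 0), (8, 5)):
            print(dom, ver, usable_on(dom, ver), check_cookie_domain(dom))
```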

       


            People

            • Assignee:
              laetitia.ellison Laetitia Ellison [X] (Inactive)
              Reporter:
              nathalie.hoet Nathalie Hoet