  1. OpenAM
  2. OPENAM-15744

com.sun.identity.enableUniqueSSOTokenCookie=true results in infinite redirects


    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 13.5.0, 13.5.1, 5.0
    • 13.5.3
    • cdsso, policy, web agents
    • AM Sustaining Sprint 70

      Description

      Bug description

      com.sun.identity.enableUniqueSSOTokenCookie=true results in infinite redirects

      How to reproduce the issue

      Steps used to reproduce
      Configure 4 VirtualBox Linux hosts running CentOS:

      1. openam1350.vbox.com
      2. apache.vbox.com
      3. apache2.vbox.com
      4. apache3.vbox.com

      1. Configure openam1350.vbox.com with an embedded datastore
      2. Configure the following agent profiles (the assumption is that each of these is a host running Apache 2.4): apache.vbox.com, apache2.vbox.com, apache3.vbox.com
      3. Configure cookie hijacking prevention according to https://backstage.forgerock.com/docs/openam/13.5/admin-guide/#enable-cdsso-cookie-hijacking-protection
      4. Install the 4.1.0 agent on each Apache instance
      5. Configure Authorization Policies for each Apache instance.
      6. Clear the browser cache and attempt to access each Apache instance

      a. http://apache.vbox.com:7777/ successful
      b. http://apache2.vbox.com:7777/ results in a continuous loop to http://openam1350.vbox.com:8080/openam/cdcservlet?goto=http%3A%2F%2Fapache2.vbox.com%3A7777%2F&RequestID=1575406575500&MajorVersion=1&MinorVersion=0&ProviderID=http%3A%2F%2Fapache2.vbox.com%3A7777%2Famagent&IssueInstant=2019-12-03T20%3A56%3A15Z
      c. Also a loop

      Expected behaviour

      direct to AM to authorize
      
      Current behaviour
      sent in a loop
      
      
      

      Work around

      Remove the com.sun.identity.enableUniqueSSOTokenCookie=true property setting

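The loop in step 6b means the OpenAM host receives the same cdcservlet request from one browser over and over, with identical goto and ProviderID values. A detector for that pattern in an access log follows, as an added example that is not part of the original issue or the project's code; the common-log-format layout, the threshold and window, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumed access-log layout (common log format); adapt the regex to your container.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<url>\S+) HTTP/[\d.]+"')

def cdsso_key(url):
    """Return (ProviderID, goto) for a cdcservlet request, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/cdcservlet"):
        return None
    q = parse_qs(parts.query)  # parse_qs percent-decodes the values
    if "goto" not in q or "ProviderID" not in q:
        return None
    return q["ProviderID"][0], q["goto"][0]

def find_loops(lines, threshold=5, window=timedelta(seconds=10)):
    """Map (client, ProviderID, goto) -> hit count for keys that loop.

    A key loops when `threshold` of its requests fall inside `window`.
    RequestID and IssueInstant are ignored so that retries group together.
    """
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        key = cdsso_key(m["url"]) if m else None
        if key is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        seen[(m["ip"],) + key].append(ts)
    loops = {}
    for key, stamps in seen.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                loops[key] = len(stamps)
                break
    return loops

def _hit(sec, host, rid):
    # Constructed sample line (not taken from the issue); the status and size are placeholders.
    return (f'192.0.2.10 - - [03/Dec/2019:20:56:{sec:02d} +0000] "GET /openam/cdcservlet'
            f'?goto=http%3A%2F%2F{host}%3A7777%2F&RequestID={rid}&MajorVersion=1&MinorVersion=0'
            f'&ProviderID=http%3A%2F%2F{host}%3A7777%2Famagent HTTP/1.1" 200 512')

# Six rapid hits for apache2 (looping) and one normal hit for apache (not looping).
SAMPLE = [_hit(15 + i, "apache2.vbox.com", 1000 + i) for i in range(6)]
SAMPLE.append(_hit(20, "apache.vbox.com", 2000))
```

Calling `find_loops(SAMPLE)` flags only the apache2 agent; raise `threshold` or shrink `window` if legitimate re-authentication bursts trigger it.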
      


              People

              lawrence.yarham Lawrence Yarham
              steve.nolan Steve Nolan