Affects Version/s: 10.0.0-EA, 10.0.0, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.0
Environment: Oracle JDK "1.7.0_17"
OpenAM 10.1-Xpress on Tomcat 7.0.37
Web Policy agent 3.1.0-Xpress for Apache http server 2.2 on Ubuntu 12.04
Support Ticket IDs:
Steps to reproduce:
OpenAM handles FQDN X.DOMAIN1
- subrealm A
- subrealm B
Apache http server / agent handles FQDNs
- FQDN Y.DOMAIN2
- FQDN Z.DOMAIN3
Agent is configured in CDSSO mode and uses conditional loginURL
1) Browser has no SSO tracking cookie
2) Access resource on 'Y.DOMAIN2'
3) Agent redirects to CDCServlet which shows auth screen for realm A
4) Login to realm A
5) Access resource on 'Z.DOMAIN3'
6) Agent redirects to CDCServlet which shows 'new_org.jsp'
7) Click 'yes' when asked 'You have already logged in. Do you want to log out and then login to a different organization?'
8) No login screen appears but browser is redirected back to originally requested resource
Most likely this is due to the following error, appearing in the Authentication debug log.
Attached is the Authentication debug log from when 'new_org' is triggered.