Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/05/03 13:39:22 UTC

DO NOT REPLY [Bug 34724] New: - Domain for single sign-on cookie

http://issues.apache.org/bugzilla/show_bug.cgi?id=34724

           Summary: Domain for single sign-on cookie
           Product: Tomcat 5
           Version: 5.5.9
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: oros@apache.org


I have the following setup:

- Apache webserver in front of Tomcat 5.5.9
- three 3rd-level domains www.mydomain.xa, search.mydomain.xa, my.mydomain.xa
- Single Sign-On valve in Tomcat is activated
- Login is handled by my.mydomain.xa and its corresponding webapp under context /My

The problem with the SSO cookie created by Tomcat after successful login is that
the domain name stored with the cookie is my.mydomain.xa. Therefore the SSO
cookie is not sent by the user agent if a request goes to www.mydomain.xa or
search.mydomain.xa and single sign-on is not working for these subdomains.

So I need a way to tell Tomcat to set '.mydomain.xa' as the domain of the SSO
cookie so it will be sent by the user agent for all subdomains. Therefore I
introduced the system property 'tomcat.sso.cookie.domain' and added a few lines
to AuthenticatorBase.java where the value of named system property is used - if
available - to set the SSO cookie's domain (see attached patch). The system
property can be set in the startup script for example.

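
The cookie scoping behaviour the report describes, as an added example that is not part of the original bug report or the attached patch: a simplified model of RFC 6265 domain matching in a user agent, run over the three hosts from the report. The cookie name `SSO_COOKIE` and the hosts `legacy.mydomain.xa` and `notmydomain.xa` are constructed for illustration; public-suffix rejection and IP-address hosts are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Cookie:
    name: str
    origin_host: str                   # host whose response carried Set-Cookie
    domain_attr: Optional[str] = None  # Domain attribute value, None if absent

def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 5.1.3: identical, or host ends with '.' + domain."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def stored_scope(cookie: Cookie) -> Optional[Tuple[str, bool]]:
    """Return (domain, host_only) as the user agent stores it, or None if rejected."""
    if not cookie.domain_attr:
        return cookie.origin_host.lower(), True   # no Domain: host-only cookie
    domain = cookie.domain_attr.lower()
    if domain.startswith("."):
        domain = domain[1:]                       # one leading dot is ignored (5.2.3)
    if not domain_match(cookie.origin_host, domain):
        return None                               # a server cannot set a foreign domain
    return domain, False

def is_sent_to(cookie: Cookie, request_host: str) -> bool:
    scope = stored_scope(cookie)
    if scope is None:
        return False
    domain, host_only = scope
    if host_only:
        return request_host.lower() == domain     # exact host only
    return domain_match(request_host, domain)     # the domain and all its subdomains

def receiving_hosts(cookie: Cookie, hosts: List[str]) -> List[str]:
    return [h for h in hosts if is_sent_to(cookie, h)]

# Hosts from the report, plus two constructed ones for the edge cases.
HOSTS = ["www.mydomain.xa", "search.mydomain.xa", "my.mydomain.xa",
         "legacy.mydomain.xa", "notmydomain.xa"]
DEFAULT = Cookie("SSO_COOKIE", "my.mydomain.xa")                  # as described in the report
WIDENED = Cookie("SSO_COOKIE", "my.mydomain.xa", ".mydomain.xa")  # the requested behaviour

if __name__ == "__main__":
    for label, c in (("host-only", DEFAULT), ("Domain=.mydomain.xa", WIDENED)):
        print(label, "->", receiving_hosts(c, HOSTS))
```

With the Domain attribute set, every host under mydomain.xa receives the SSO cookie, including ones that do not take part in single sign-on, so each of those hosts has to be trusted with it.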