[prev in list] [next in list] [prev in thread] [next in thread] 

List:       forgerock-openam
Subject:    [OpenAM] Associate cookie domain with realm
From:       peter.major () forgerock ! com (Peter Major)
Date:       2012-06-27 23:54:28
Message-ID: 4FEB9D34.9010506 () forgerock ! com
[Download RAW message or body]

Nice sample domains! :)
Anyways cookie domains are global settings, you cannot assign cookie 
domains to realms, but please keep in mind that even though you'll have 
multiple Set-Cookie headers, the browser will only accept the domain you 
are actually on.

Peter

2012-06-28 01:42 keltez?ssel, THARP, JOSHUA L ?rta:
> Is there a way to associate the cookie domain with the realm a user
> authenticates against?
>
> In other words, if the user hits the page shire.hobbit.me OpenAM
> authenticates them against the hobbit realm (because shire.hobbit.me is
> in Access Control -> hobbit -> General -> Realm/DNS Aliases), then the
> server sets the cookie for .hobbit.me. Similarly, if a user hits the
> page fanghorn.lotr.me OpenAM authenticates them against the lotr realm
> (because fanghorn.lotr.me is in Access Control -> lotr -> General ->
> Realm/DNS Aliases), then the server sets the cookie for .lotr.me (but
> not for .hobbit.me).
>
> Is a scheme like this possible? In order to get more than one domain
> working I had to add both cookie domains to Configuration -> System ->
> Platform -> Cookie Domains. The side-effect is that authenticating
> against the hobbit realm also sets a cookie for the lotr realm.
>
> Josh

[prev in list] [next in list] [prev in thread] [next in thread]