I’m trying to determine the correct way to tell OpenAM to set a domain= for the iPlanetDirectoryPro cookie after login. I login to login.fr.example.com with a goto=example.fr.example.com parameter. After authenticating, it redirects me successfully, but in viewing the network traffic in the browser’s developer console, I see that the iPlanetDirectoryPro cookie only has a path=/ annotation, not a domain= annotation. This means it is not sent to example.fr.example.com. In viewing the doco, this appears to be the new default for openam.
I want to use a route and filter on my example.fr.example.com domain to look for (and validate) the cookie, but only for certain paths. I can see how to set the domain via the OpenAM admin console (Configure -> Global Services -> Platform -> Cookie Domains) but I want to set it via helm when I deploy into each environment.