OpenAM Server Cookie Name vs Agent Cookie Name


This topic contains 4 replies, has 3 voices, and was last updated by  kpattana 1 month, 2 weeks ago.

  • #19109
     kpattana 
    Participant

    What is the Role of Agent-cookie (com.iplanet.am.cookie.name) over OpenAM-server-cookie (com.iplanet.am.cookie.name)? Let's say I set Server-CookieName as “OpenAMServerCookie” and Agent-Cookie-Name(s) as “App1Cookie”, “App2Cookie” etc.

    After a successful authentication to protected-App(s):
    (1) Will the Server cookie override all the agent cookies? So the browser will have only “OpenAMServerCookie” and no other agent cookie(s)?

    (2) What is the recommended solution? Should the Server Cookie and Agent Cookie be the same?

    Thanks,
    Kabi

    #19118
     Scott Heger 
    Participant

    The Server cookie name is the name of the cookie that OpenAM will set in the user’s browser with the SSOToken as the value. The Agent cookie name is the name of the cookie that the agent should look for. Those should be the same or you will get yourself into a redirect loop.
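
The redirect loop described above can be reproduced with a toy model of the agent/OpenAM exchange. This is an added example, not part of the original thread and not ForgeRock code; the cookie names come from the question, while the function names, the hop limit and the single shared cookie jar (no cross-domain SSO) are assumptions made for illustration.

```python
# Added illustration: toy model of the browser / agent / OpenAM exchange.
# Assumption: agent and server share one cookie domain (no CDSSO modelled).

def simulate(server_cookie_name, agent_cookie_name, max_hops=10):
    """Follow redirects until the agent grants access or max_hops is reached.

    Returns (outcome, trace); outcome is "granted" or "redirect loop".
    """
    cookies = {}   # browser cookie jar
    trace = []
    for _ in range(max_hops):
        # Agent side: it only looks for the cookie name it was configured with.
        if agent_cookie_name in cookies:
            trace.append("agent: found %s, access granted" % agent_cookie_name)
            return "granted", trace
        trace.append("agent: no %s cookie, redirect to OpenAM" % agent_cookie_name)

        # Server side: OpenAM only reads and writes its own cookie name.
        if server_cookie_name in cookies:
            trace.append("openam: valid session in %s, redirect back" % server_cookie_name)
        else:
            cookies[server_cookie_name] = "constructed-sso-token"  # constructed value
            trace.append("openam: authenticated, set %s, redirect back" % server_cookie_name)
    return "redirect loop", trace


def check_agents(server_cookie_name, agents):
    """Return the names of agents whose cookie name differs from the server's."""
    return sorted(name for name, cookie in agents.items()
                  if cookie != server_cookie_name)


if __name__ == "__main__":
    for agent_cookie in ("App1Cookie", "OpenAMServerCookie"):
        outcome, trace = simulate("OpenAMServerCookie", agent_cookie, max_hops=3)
        print(agent_cookie, "->", outcome)
        for line in trace:
            print("   ", line)
    # Constructed inventory of agent profiles for the consistency check.
    print(check_agents("OpenAMServerCookie",
                       {"app1": "App1Cookie", "app2": "OpenAMServerCookie"}))
```

In a scripted deployment, a check like `check_agents` can run after any change to the server cookie name to catch agents that were not updated.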

    #19150
     kpattana 
    Participant

    Thank you, Scott. If both the Server and Agent cookie names should be the same, why is there an option to edit the Agent-Cookie Name?

    -Kabi

    #19158
     Andy Cory 
    Participant

    I’m pretty sure it’s just practicalities. If you change the server cookie name from the default (which you absolutely should), code within AM would have to keep its web agent config up to date, and probably writing that functionality into the product isn’t a high priority. It’s left to the implementor. This makes sense to me, especially as most deployments of AM and the agents will be scripted in some way. Also, it’s possible to have an agent’s configuration local to the agent instead of within OpenAM (and pushed to the agent). In this case you would have to make sure the cookie names matched manually anyway. It seems simpler to make it a general rule – if you change cookie name ‘here’, you must change it ‘there’ too, rather than sometimes you must change it ‘there’.

    -Andy

    #19311
     kpattana 
    Participant

    Thanks Andy


©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
