Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-15574

[GSS](7.2.z) domain="undefined" in JSESSIONIDSSO

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.2.1.CR1, 7.2.1.GA
    • 7.1.4.GA
    • Undertow
    • None
    • Hide

      Set the domain explicitly:

      [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain/setting=single-sign-on:write-attribute(name=domain, value=localhost)
      {"outcome" => "success"}
      
      Show
      Set the domain explicitly: [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain/setting=single-sign-on:write-attribute(name=domain, value=localhost) { "outcome" => "success" }
    • Hide

      0. create a user with the role "guest" in ApplicationRealm:

      $ cd $JBOSS_HOME/
      $ ./bin/add-user.sh
      

      1. create keystore:

      $ cd $JBOSS_HOME/standalone/configuration
      $ keytool -genkey -alias single-sign-on -keystore single-sign-on.jks -storepass password
      

      2. configure sso:

      [standalone@localhost:9990 /] /subsystem=elytron/key-store=single-sign-on:add(path=single-sign-on.jks, type=JKS, relative-to=jboss.server.config.dir,credential-reference={clear-text=password})
      [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain:add(http-authentication-factory=application-http-authentication)
      [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain/setting=single-sign-on:add(key-alias=single-sign-on, credential-reference={clear-text=password},key-store=single-sign-on)
      

      3. restart the server and deploy the attached test.war

      4. access http://localhost:8080/test/secure/ and submit username/password created in the step 0. Then you can see the invalid domain name "undefined" in the response header:

      Set-Cookie: JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined
      
      Show
      0. create a user with the role "guest" in ApplicationRealm: $ cd $JBOSS_HOME/ $ ./bin/add-user.sh 1. create keystore: $ cd $JBOSS_HOME/standalone/configuration $ keytool -genkey -alias single-sign-on -keystore single-sign-on.jks -storepass password 2. configure sso: [standalone@localhost:9990 /] /subsystem=elytron/key-store=single-sign-on:add(path=single-sign-on.jks, type=JKS, relative-to=jboss.server.config.dir,credential-reference={clear-text=password}) [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain:add(http-authentication-factory=application-http-authentication) [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain/setting=single-sign-on:add(key-alias=single-sign-on, credential-reference={clear-text=password},key-store=single-sign-on) 3. restart the server and deploy the attached test.war 4. access http://localhost:8080/test/secure/ and submit username/password created in the step 0. Then you can see the invalid domain name "undefined" in the response header: Set-Cookie: JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined

      When SSO is enabled and the domain is undefined, the JSESSIONIDSSO cookie has a invalid domain="undefined" as follows:

      Set-Cookie: JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined
      

              rhn-support-hokuda Hisanobu Okuda
              rhn-support-hokuda Hisanobu Okuda
              Daniel Cihak Daniel Cihak
              Daniel Cihak Daniel Cihak
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: