Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-880

Customized session cookie name in SP application is ignored in RHSSO SAML Adapter + EAP 7 env.

XMLWordPrintable

    • -
    • Hide

      See Attachment setup_and_test.txt.
      Tested using RH-SSO SAML Adapter on EAP 7.0.0 in the attachment, but this issue can be reproduced using the same adapter on EAP 7.0.4.

      Show
      See Attachment setup_and_test.txt. Tested using RH-SSO SAML Adapter on EAP 7.0.0 in the attachment, but this issue can be reproduced using the same adapter on EAP 7.0.4.

      When a user runs an SP (SAML Service Provider) web application in the environment where RH-SSO SAML adapter is installed on EAP 7.0 and the user customizes the session cookie name of the application (without using the default JSESSIONID), the customized session cookie name is not effective (not used) in the actual HTTP request/response headers.

      A new session is created using HttpServletRequest#getSession(true) in the application if there is no current session. Also, the customization is to be done using <session-config><cookie-config><name> in web.xml like below.

           <session-config>
          <cookie-config>
              <name>MYSESSIONID</name>
          </cookie-config>
      </session-config>

      The user wants to use the customized session cookie name in the SP application.

        1. setup_and_test.txt
          8 kB

              mhajas@redhat.com Michal Hajas
              rhn-support-myoshida Masato Yoshida
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: