WildFly / WFLY-11071

domain="undefined" in JSESSIONIDSSO

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 14.0.0.Final
    • Fix Version/s: None
    • Component/s: Web (Undertow)
    • Labels: None
    • Steps to Reproduce:

      0. create a user with the role "guest" in ApplicationRealm:

      $ cd $JBOSS_HOME/
      $ ./bin/add-user.sh
      

      1. create keystore:

      $ cd $JBOSS_HOME/standalone/configuration
      $ keytool -genkey -alias single-sign-on -keystore single-sign-on.jks -storepass password
      

      2. configure sso:

      [standalone@localhost:9990 /] /subsystem=elytron/key-store=single-sign-on:add(path=single-sign-on.jks, type=JKS, relative-to=jboss.server.config.dir,credential-reference={clear-text=password})
      [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain:add(http-authentication-factory=application-http-authentication)
      [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain/setting=single-sign-on:add(key-alias=single-sign-on, credential-reference={clear-text=password},key-store=single-sign-on)
      

      3. restart the server and deploy the attached test.war

      4. access http://localhost:8080/test/secure/ and submit username/password created in the step 0. Then you can see the invalid domain name "undefined" in the response header:

      Set-Cookie: JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined
      
    • Workaround Description:

      Set the domain explicitly:

      [standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=ApplicationDomain/setting=single-sign-on:write-attribute(name=domain, value=localhost)
      {"outcome" => "success"}
      

      Description

      When SSO is enabled and the domain is undefined, the JSESSIONIDSSO cookie has an invalid domain="undefined" as follows:

      Set-Cookie: JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined
      
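      The following check is an added example, not part of this report and not code from WildFly or Undertow. It parses the Set-Cookie header shown in step 4 and in the description, and applies the RFC 6265 section 5.1.3 domain-matching rule that a conforming user agent runs (section 5.3, step 6) before storing a cookie. It makes the impact of the bug concrete: "undefined" does not domain-match the request host "localhost", so the browser discards JSESSIONIDSSO and the SSO session is never presented on the next request. The header value and the host "localhost" come from the report; the header with domain=localhost is constructed here to mirror the workaround, and the function names are assumptions.

```python
"""Added example: does a Set-Cookie Domain attribute survive RFC 6265 domain
matching for the host the request was sent to? Not WildFly/Undertow code."""
import ipaddress

# Header captured in the report (step 4), before the workaround was applied.
REPORTED_HEADER = (
    "JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined"
)
# Constructed here: what the workaround (write-attribute name=domain,
# value=localhost) is expected to produce for the same session.
FIXED_HEADER = (
    "JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=localhost"
)


def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie header value.

    Attribute names are lower-cased so 'Domain' and 'domain' compare equal;
    flag attributes without a value (Secure, HttpOnly) map to None.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value.strip(), attrs


def _is_ip_literal(host):
    """True for IPv4/IPv6 literals, which never suffix-match a Domain attribute."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def domain_matches(request_host, cookie_domain):
    """RFC 6265 5.1.3: the request host domain-matches the cookie Domain when
    they are identical, or when the host ends with '.' + domain and the host
    is a host name rather than an IP literal. A leading dot on the Domain
    attribute is ignored (5.2.3)."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if not domain:
        return False
    if host == domain:
        return True
    if _is_ip_literal(host):
        return False
    return host.endswith("." + domain)


def check_cookie_domain(request_host, header):
    """Return (accepted, reason): would a conforming user agent store this
    cookie for request_host, given its Domain attribute (RFC 6265 5.3)?"""
    name, _value, attrs = parse_set_cookie(header)
    domain = attrs.get("domain")
    if not domain:
        # Absent or empty Domain attribute: host-only cookie, always accepted.
        return True, f"{name}: no Domain attribute, host-only cookie for {request_host!r}"
    if not domain_matches(request_host, domain):
        return False, (
            f"{name}: Domain={domain!r} does not domain-match {request_host!r}; "
            "a conforming user agent ignores this Set-Cookie entirely"
        )
    return True, f"{name}: Domain={domain!r} accepted for {request_host!r}"


if __name__ == "__main__":
    for label, header in (("reported", REPORTED_HEADER), ("workaround", FIXED_HEADER)):
        accepted, reason = check_cookie_domain("localhost", header)
        print(f"{label:10s} accepted={accepted}  {reason}")
```

      Run against the reported header with host localhost the check reports the cookie as rejected; with the workaround header it is accepted. The check covers only the domain-matching step; it does not consult a public-suffix list, which browsers additionally apply to reject cookies scoped to domains such as "com", so a Domain that passes here can still be dropped by a real browser.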

    People

    • Assignee: Stuart Douglas (swd847)
    • Reporter: Hisanobu Okuda (hisanobu.okuda)