Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3033

Better SSO configuration


      When enabling Undertow SSO in standalone.xml, the only option to tweak is the cookie domain.

      My life would be made easier by two changes:

      1) If the domain is not specified, the SSO cookie should have no domain set. This will make the browser apply the domain from the URL being requested. Currently the cookie domain gets populated with a value from the enclosing XML element.

      2) There's no way of setting the cookie path, which makes this less useful for services on different URLs. I propose adding a path attribute to the SSO XML element, which would set the cookie path. For example:

      <single-sign-on path="/" />

      Right now my workaround is to use my reverse proxy (Apache) to edit response headers and modify the cookie, removing the domain and adding the path. If anyone else needs the workaround:

      Header edit Set-Cookie "^JSESSIONIDSSO=([^; ])." "JSESSIONIDSSO=$1; path=/"

            tomazcerar Tomaž Cerar (Inactive)
            tinche_jira Tin Tvrtkovic (Inactive)
            4 Vote for this issue
            10 Start watching this issue
