6.5.3. Configuring Web Policy Agent SSO Properties

This section covers SSO web agent properties. After creating the agent profile, you access these properties in the OpenAM console under Access Control > Realm Name > Agents > Web > Agent Name > SSO

Cookie properties

Cookie Name

Name of the SSO Token cookie used between the OpenAM server and the agent. Default: iPlanetDirectoryPro.

Property: com.sun.identity.agents.config.cookie.name

Hot swap: no

Cookie Security

When enabled, the agent marks cookies secure, sending them only if the communication channel is secure.

Property: com.sun.identity.agents.config.cookie.secure

Hot swap: no

HTTPOnly Cookies (Not yet in OpenAM console)

As of version 3.0.5, web policy agents with this property set to true mark cookies as HTTPOnly, to prevent scripts and third-party programs from accessing the cookies.

Property: com.sun.identity.cookie.httponly

Cross Domain SSO properties

Cross Domain SSO

Enables Cross Domain Single Sign On.

Property: com.sun.identity.agents.config.cdsso.enable

CDSSO Servlet URL

List of URLs of the available CDSSO controllers that the agent can use for CDSSO processing. For example, http://openam.example.com:8080/openam/cdcservlet.

Property: com.sun.identity.agents.config.cdsso.cdcservlet.url

Cookies Domain List

List of domains, such as .example.com, in which cookies have to be set in CDSSO. If this property is left blank, then the fully qualified domain name of the cookie for the agent server is used to set the cookie domain, meaning that a host cookie rather than a domain cookie is set.

To set the list to .example.com, and .example.net using the configuration file property, include the following. 

com.sun.identity.agents.config.cdsso.cookie.domain[0]=.example.com 
com.sun.identity.agents.config.cdsso.cookie.domain[1]=.example.net

Property: com.sun.identity.agents.config.cdsso.cookie.domain

Cookie Reset properties

Cookie Reset

When enabled, agent resets cookies in the response before redirecting to authentication.

Property: com.sun.identity.agents.config.cookie.reset.enable

Cookie Reset Name List

List of cookies in the format name[=value][;Domain=value].

Concrete examples include the following with two list items configured.

  • LtpaToken, corresponding to com.sun.identity.agents.config.cookie.reset[0]=LtpaToken. The default domain is taken from FQDN Default.

  • token=value;Domain=subdomain.domain.com, corresponding to com.sun.identity.agents.config.cookie.reset[1]= token=value;Domain=subdomain.domain.com

Property: com.sun.identity.agents.config.cookie.reset