The Persistent Cookie module supports configuration of cookie lifetimes, based on requests and a maximum time. It is the preferred method for creating a persistent cookie. If you choose this method, be aware that it does not interact with the persistent cookie options associated with the Core Authentication module.
ssoadm service name:
iPlanetAMAuthPersistentCookieService
To configure the Persistent Cookie Module globally in the console, navigate to Configuration > Authentication > Persistent Cookie. In the window that appears you should see the following attributes:
- Idle Timeout
-
Specify the maximum idle time between requests, in hours. If that time is exceeded, the cookie is no longer valid.
ssoadm attribute:
openam-auth-persistent-cookie-idle-time - Max Life
-
Specify the maximum life of the cookie in hours.
ssoadm attribute:
openam-auth-persistent-cookie-max-life
The Persistent Cookie module belongs with a second module in an authentication chain. To see how
this works, navigate to Access Control > Realm Name > Authentication > New.
Enter a name for the chain and add modules as shown in the figure. The following example shows how a
Persistent Cookie module is sufficient; if that cookie does not yet exist, authentication in this case
relies on a data store module such as LDAP.
Scroll down in the properties page for the chain. You should set the
PersistentCookieAuthModule as shown in the following figure:
You should now be able to authenticate automatically, as long as the cookie exists for the associated domain.
![[Note]](common/images/admon/note.png) |
Note |
|---|---|
|
Unlike the legacy Core Authentication module, the Persistent Cookie module does not support the iPSPCookie option described in Section 2.5, “Authenticating To OpenAM” |
