19.11. Cookie Domain
19.11.1. About the Cookie Domain
The cookie domain refers to the set of hosts able to read a cookie from the client browser which is accessing your application. It is a configuration mechanism to minimize the risk of third parties accessing information your application stores in browser cookies.
The default value for the cookie domain is /. This means that only the issuing host can read the contents of a cookie. Setting a specific cookie domain makes the contents of the cookie available to a wider range of hosts. To set the cookie domain, refer to Section 19.11.2, “Configure the Cookie Domain for Single Sign On”.
19.11.2. Configure the Cookie Domain for Single Sign On
To enable your SSO valve to share an SSO context, configure the cookie domain in the valve configuration. The following configuration would allow applications on http://app1.xyz.com and http://app2.xyz.com to share an SSO context, even if these applications run on different servers in a cluster or the virtual host with which they are associated has multiple aliases.
Clustered SSO (shared across clustered JBoss EAP instances)
Using the CLI (in Standalone mode):
/subsystem=web/virtual-server=default-host/sso=configuration:add(cache-container="web",cache-name="sso")
By editing standalone.xml or domain.xml and appending the following to the relevant web subsystem:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
        <sso cache-container="web" cache-name="sso"/> <!--FIXME: ADD this Line-->
    </virtual-server>
</subsystem>
Non-Clustered SSO (SSO shared only between applications within a single JBoss EAP instance)
Using the CLI (in Standalone mode):
/subsystem=web/virtual-server=default-host/sso=configuration:add()
By editing standalone.xml or domain.xml and appending the following to the relevant web subsystem:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
        <sso/> <!--FIXME: ADD this Line-->
    </virtual-server>
</subsystem>
The Single Sign On (SSO) configuration in JBoss EAP 6 includes a domain attribute that can be specified. For example:
/subsystem=web/virtual-server=default-host/sso=configuration:add(domain="example.com",...)
This adds the following SSO configuration:
<sso domain="example.com"/>
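The following added example (not part of the Red Hat documentation or JBoss EAP code) models the browser-side domain matching of RFC 6265 to show which hosts receive the SSO cookie for a given domain value. The host list beyond app1.xyz.com and app2.xyz.com is constructed, and the public-suffix rejection that browsers also apply is not modelled.

```python
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain, or is a subdomain of it."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")  # a leading dot is ignored
    if host == cookie_domain:
        return True
    # Suffix match must fall on a label boundary and never applies to IP literals.
    return host.endswith("." + cookie_domain) and not _is_ip(host)


def cookie_recipients(issuing_host, domain_attr, hosts):
    """Return the hosts in `hosts` that a browser would send the cookie to.

    domain_attr=None models the default: the cookie goes back to the issuing
    host only. Returns None when the browser would reject the cookie because
    the issuing host is not inside the requested domain.
    """
    if domain_attr is None:
        return [h for h in hosts if h.lower() == issuing_host.lower()]
    if not domain_match(issuing_host, domain_attr):
        return None
    return [h for h in hosts if domain_match(h, domain_attr)]


# Constructed host list: the two applications from the text plus two hosts
# that are not meant to take part in SSO.
HOSTS = ["app1.xyz.com", "app2.xyz.com", "uploads.xyz.com", "notxyz.com"]

if __name__ == "__main__":
    for attr in (None, "xyz.com", "app1.xyz.com", "example.org"):
        print(attr, "->", cookie_recipients("app1.xyz.com", attr, HOSTS))
```

With domain set to xyz.com the cookie reaches every host under xyz.com, including uploads.xyz.com, so choose the narrowest domain that still covers the applications sharing the SSO context.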
