Crowd 2.0 started validating the SSO Domain defined by the admin.

The possible values are:

1-) Empty
2-) The current domain (ie. domain.com)
3-) The dot plus the current domain (ie .domain.com)

The current domain is the one being used to access Crowd console. However if Crowd is behind a proxy, when the admin tries to save the new SSO Domain value, ServletActionContext.getRequest().getServerName(); is run and returns the machine (Crowd Tomcat) domain, not the domain defined by the proxy and actually being used to access the console.

Example:

Domain defined by the proxy and being used to access Crowd: domain.com
Machine domain: machine_name

Instead of using the getServerName() to obtain the local domain, Crowd should try to know what is the actual domain.

The workaround for this situation is to set the proxy domain in the local Tomcat connector proxyName attribute. This way, the getServerName() call will be returning the same domain as the one defined by the proxy.