[CWD-1945] Make Crowd's cookie domain validation consistent with RFC 6265

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.5
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Currently Crowd allows admins to set a single sub-domain level only for the Cookie pattern.

Example:
URL Domain: abc.xyz.example.com
SSO Domain Allowed: .xyz.example.com
SSO Domain Not Allowed: .example.com (it would reach two sub-domain levels)

If the browsers don't respect rfc2965, there is an opportunity to allow the definition of .example.com as the cookie pattern and support many subdomains for SSO.

Currently the code defined at class SSOUtils blocks this behavior.

This problem is affecting Crowd 2.4.0

supersedes

CWD-1938 Add an error message saying that '*' is not supported in the SSO Domain Pattern

Closed

Katherine Yabut made changes - 19/Sep/2019 5:51 AM

Workflow	Original: JAC Suggestion Workflow [ 3363821 ]	New: JAC Suggestion Workflow 3 [ 3628010 ]
Status	Original: RESOLVED [ 5 ]	New: Closed [ 6 ]

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 6:57 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1509991 ]	New: JAC Suggestion Workflow [ 3363821 ]
Issue Type	Original: Task [ 3 ]	New: Suggestion [ 10000 ]

Owen made changes - 07/Jul/2016 6:19 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1392652 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1509991 ]

Owen made changes - 12/May/2016 2:51 AM

Workflow

Original: Crowd Development Workflow v2 [ 273683 ]

New: Simplified Crowd Development Workflow v2 [ 1392652 ]

joe made changes - 06/Sep/2013 2:53 AM

Link

New: This issue supersedes ~~CWD-1938~~ [ ~~CWD-1938~~ ]

joe made changes - 22/Jun/2012 6:03 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Technical Review [ 10028 ]	New: Resolved [ 5 ]

joe made changes - 21/Jun/2012 4:22 AM

Status

Original: In Progress [ 3 ]

New: Technical Review [ 10028 ]

joe made changes - 21/Jun/2012 4:22 AM

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

joe made changes - 21/Jun/2012 4:19 AM

Fix Version/s

New: 2.5 [ 22894 ]

joe made changes - 21/Jun/2012 4:19 AM

Assignee

New: joe [ jwalton ]

Assignee:: joe

Reporter:: Renan Battaglin

Votes:: 3 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 22/Jun/2010 5:58 AM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 22/Jun/2012 6:03 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates