Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1945

Make Crowd's cookie domain validation consistent with RFC 6265

    • Icon: Suggestion Suggestion
    • Resolution: Fixed
    • 2.5
    • None
    • None
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Currently Crowd allows admins to set a single sub-domain level only for the Cookie pattern.

      Example:
      URL Domain: abc.xyz.example.com
      SSO Domain Allowed: .xyz.example.com
      SSO Domain Not Allowed: .example.com (it would reach two sub-domain levels)

      If the browsers don't respect rfc2965, there is an opportunity to allow the definition of .example.com as the cookie pattern and support many subdomains for SSO.

      Currently the code defined at class SSOUtils blocks this behavior.

      • This problem is affecting Crowd 2.4.0

            [CWD-1945] Make Crowd's cookie domain validation consistent with RFC 6265

            joe added a comment -

            This fix will make a few changes to follow the current spec:

            • Allow matching any number of subdomains
            • Remove any special treatment for dot-less domains
            • Treat domain names with and without trailing dots as distinct
            • Don't allow a suffix match with IP addresses

            joe added a comment - This fix will make a few changes to follow the current spec: Allow matching any number of subdomains Remove any special treatment for dot-less domains Treat domain names with and without trailing dots as distinct Don't allow a suffix match with IP addresses

            joe added a comment -

            The spec for current browser behaviour is rfc6265. We should ensure we're consistent with this.

            joe added a comment - The spec for current browser behaviour is rfc6265 . We should ensure we're consistent with this.

              jwalton joe
              rbattaglin Renan Battaglin
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: