Currently Crowd allows admins to set a single sub-domain level only for the Cookie pattern.

Example:
URL Domain: abc.xyz.example.com
SSO Domain Allowed: .xyz.example.com
SSO Domain Not Allowed: .example.com (it would reach two sub-domain levels)

If the browsers don't respect rfc2965, there is an opportunity to allow the definition of .example.com as the cookie pattern and support many subdomains for SSO.

Currently the code defined at class SSOUtils blocks this behavior.

• This problem is affecting Crowd 2.4.0