Details
-
Suggestion
-
Resolution: Duplicate
-
None
-
None
Description
We have a situation where two Crowd instances are used by a different set of applications, with SSO activated.
The first Crowd uses the SSO domain : .mycompany.com
The second Crowd uses the SSO domain : .subdomain.mycompany.com
The main problem is that when a user logs in successfully in an application controller by the first Crowd instance, a cookie with the .mycompany.com domain is sent to the browser.
If the same user tries to log in in an application controller by the second Crowd instance, the .mycompany.com domain cookie is used instead of creating a cookie for the .subdomain.mycompany.com, and so the user cannot login.
Log in page does not even show an error message, user is just redirected to the login page again and again, without any error message.
Expected behaviour :
- At least an error message should be displayed, explaining to the user that a cookie is set and prevents his/her login to the application;
- But Crowd should be able to select the cookie to use on a specific-first basis. If two cookies are present, .subdomain.mycompany.com and .mycompany.com, Crowd should select the more specific first. For example, if a user wants to connect to jira.subdomain.mycompany.com, the cookie that Crowd should select is : .subdomain.mycompany.com, and not .mycompany.com.
Attachments
Issue Links
- duplicates
-
CWD-4406 Crowd does not select the more specific SSO cookie and does not display any error message during login
- Closed