Access Gateway adding additional quotes "" in the cookie
Article ID: 110034
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
- Regardless if addquotestocookie was set to YES or NO in the server.conf, if a http header cookie response having an = Character in its value, The Access Gateway Tomcat is double quoting the cookie.
- Example of the Cookie Variable
WebAgent-HTTP-Cookie-Variable SMTEXT6=joe=test
WebAgent-HTTP-Cookie-Variable SMTEXT=null=Testind_d4_CUA
WebAgent-HTTP-Cookie-Variable SMTEXT5==
WebAgent-HTTP-Cookie-Variable SMTEXT3=nullTestind_d4_CUA
WebAgent-HTTP-Cookie-Variable SMTEXT2=Testind_d4_CUA
WebAgent-HTTP-Cookie-Variable SMTEXT4=null
- -All cookies that has an = Character in the value will be set with double quote. Please see response below
Server: Apache/2.4.29 (Win64) OpenSSL/1.0.2l-fips mod_jk/1.2.42
Set-Cookie: SMTEXT2=Testind_d4_CUA; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT5="="; Version=1; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT4=null; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT3=nullTestind_d4_CUA; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT="null=Testind_d4_CUA"; Version=1; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT6="joe=test"; Version=1; Domain=.myidp.com; Path=/
- Example of the Cookie Variable
WebAgent-HTTP-Cookie-Variable SMTEXT6=joe=test
WebAgent-HTTP-Cookie-Variable SMTEXT=null=Testind_d4_CUA
WebAgent-HTTP-Cookie-Variable SMTEXT5==
WebAgent-HTTP-Cookie-Variable SMTEXT3=nullTestind_d4_CUA
WebAgent-HTTP-Cookie-Variable SMTEXT2=Testind_d4_CUA
WebAgent-HTTP-Cookie-Variable SMTEXT4=null
- -All cookies that has an = Character in the value will be set with double quote. Please see response below
Server: Apache/2.4.29 (Win64) OpenSSL/1.0.2l-fips mod_jk/1.2.42
Set-Cookie: SMTEXT2=Testind_d4_CUA; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT5="="; Version=1; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT4=null; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT3=nullTestind_d4_CUA; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT="null=Testind_d4_CUA"; Version=1; Domain=.myidp.com; Path=/
Set-Cookie: SMTEXT6="joe=test"; Version=1; Domain=.myidp.com; Path=/
Environment
Release:
Component: SMSPS
Component: SMSPS
Resolution
The double quote is being set by Tomcat app server used in the Access Gateway.
You can disable this behavior by following the below steps:
1. Navigate to your "catalina.properties" that can be found under CA\secure-proxy\Tomcat\conf
2. add the following line to the property file
org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0 = true
value true --> Cookies will be set with no double quote if = is present
False --> cookies will be set with double quote if = is present
3. restart Access Gateway service
You can disable this behavior by following the below steps:
1. Navigate to your "catalina.properties" that can be found under CA\secure-proxy\Tomcat\conf
2. add the following line to the property file
org.apache.tomcat.util.http.ServerCookie.ALLOW_HTTP_SEPARATORS_IN_V0 = true
value true --> Cookies will be set with no double quote if = is present
False --> cookies will be set with double quote if = is present
3. restart Access Gateway service
Feedback
Yes
No
Powered by
