CA Mobile API Gateway: Bad cookie, reserved token
Article ID: 116837
Updated On:
Products
CA Rapid App Security
CA API Gateway
Issue/Introduction
The below error appears in the SSG log
2018-08-27T16:45:00.120-0400 SEVERE 12875 com.l7tech.server.SoapMessageProcessingServlet: Cookie name "AMC_EZ673B6524DA1BC0A4905C9@CAdobeorg" is a reserved token
The 'Cookie name' may differ in your environment.
2018-08-27T16:45:00.120-0400 SEVERE 12875 com.l7tech.server.SoapMessageProcessingServlet: Cookie name "AMC_EZ673B6524DA1BC0A4905C9@CAdobeorg" is a reserved token
The 'Cookie name' may differ in your environment.
Environment
Release:
Component: APIMBL
Component: APIMBL
Cause
The @ character is considered a reserved token, along with some other characters defined in Section 2.2 of RFC2616.
Resolution
The issue is caused by the 'Decode ID Token' assertion when it hits a cookie containing special characters.
To resolve the handling of these characters:
1) Log into the Gateway via ssh
2) Navigate to and edit the file /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
3) Add the following line
org.glassfish.web.rfc2109_cookie_names_enforced=false
4) Save the file and restart the Gateway service
This will allow the cookie names to contain special characters without interfering with the decode.
To resolve the handling of these characters:
1) Log into the Gateway via ssh
2) Navigate to and edit the file /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
3) Add the following line
org.glassfish.web.rfc2109_cookie_names_enforced=false
4) Save the file and restart the Gateway service
This will allow the cookie names to contain special characters without interfering with the decode.
Feedback
Yes
No
Powered by
