
SMSESSION cookie is not decoded by WebAgent when Tomcat is in the journey


Article ID: 46200


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, SITEMINDER, CA Single Sign On Agents (SiteMinder)



In an SSO environment launched by Tomcat, the WebAgent cannot decode the SMSESSION cookie because the cookie contains double quotation marks ("").




This is an issue with Tomcat 6.0.

In line with RFC 2109 (1), starting with Tomcat 6, if the NAME or VALUE attribute of a cookie contains a space, a tab, or one of the symbols ()<>@,;:\"/[]?={}, Tomcat adds double quotation marks ("") around it (2).




In the Tomcat system property file, add the following parameters:

  1. -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
  2. -Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true

If only parameter 1 is added, Tomcat also removes the equals sign (=), so the equals sign (=) must be allowed with parameter 2.
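
A check that can be run over captured response headers, before and after the change, to see whether the SMSESSION value arrives wrapped in double quotes and which of the characters listed above it contains. This is an added example, not CA or Tomcat code; the header lines, cookie values and function names are constructed for illustration.

```python
import re

# Characters the article lists as making Tomcat 6 quote a cookie NAME or VALUE.
TRIGGER_CHARS = set(' \t()<>@,;:\\"/[]?={}')

# name=value at the start of a Set-Cookie header; value may be a quoted string.
COOKIE_RE = re.compile(
    r'^Set-Cookie:\s*([^=;\s]+)=("(?:[^"\\]|\\.)*"|[^;]*)', re.IGNORECASE
)

def inspect_set_cookie(header_line, cookie_name="SMSESSION"):
    """Return quoting details for cookie_name, or None if the header is another cookie."""
    m = COOKIE_RE.match(header_line.strip())
    if not m or m.group(1) != cookie_name:
        return None
    raw = m.group(2)
    quoted = len(raw) >= 2 and raw.startswith('"') and raw.endswith('"')
    value = raw[1:-1] if quoted else raw
    return {
        "quoted": quoted,  # True means the agent receives a value wrapped in ""
        "triggers": sorted(set(value) & TRIGGER_CHARS),  # listed chars present
        "value": value,
    }

def quoted_cookies(header_lines, cookie_name="SMSESSION"):
    """Indexes of headers in which cookie_name was emitted inside double quotes."""
    hits = []
    for i, line in enumerate(header_lines):
        info = inspect_set_cookie(line, cookie_name)
        if info and info["quoted"]:
            hits.append(i)
    return hits

# Constructed sample headers (not real session values).
SAMPLE_HEADERS = [
    'Set-Cookie: SMSESSION="aB3/xY9+Qk2=="; Path=/; Domain=.example.com',
    'Set-Cookie: SMSESSION=aB3/xY9+Qk2==; Path=/; Domain=.example.com',
    'Set-Cookie: JSESSIONID=0123ABCD; Path=/app',
]

if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        print(line, "->", inspect_set_cookie(line))
    print("quoted SMSESSION at indexes:", quoted_cookies(SAMPLE_HEADERS))
```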


Additional Information



  1. HTTP State Management Mechanism
  2. Apache Tomcat Configuration Reference