SMSESSION cookie is not decoded by WebAgent when Tomcat is in the journey

Article ID: 46200

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On SITEMINDER
CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

In an SSO environment launched by Tomcat, the WebAgent cannot decode the SMSESSION cookie because the cookie contains double quotation marks ("").

 

Cause

 

This is an issue with Tomcat 6.0.

In accordance with RFC 2109 (1), starting with Tomcat 6, if the NAME or VALUE attribute of a cookie contains a space, a tab, or one of the symbols ()<>@,;:\"/[]?={}, Tomcat adds double quotation marks ("") around it (2).

 

Resolution

 

In the Tomcat system property file, add the following parameters:

  1. -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
  2. -Dorg.apache.tomcat.util.http.ServerCookie.ALLOW_EQUALS_IN_VALUE=true

If only parameter 1 is added, Tomcat also removes the equals sign (=), so the equals sign (=) must be allowed with parameter 2.
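To check which of the conditions above applies, compare the SMSESSION value the Web Agent issued with the value seen behind Tomcat. The following is an added example, not code from the article, CA or Tomcat; the function names are hypothetical, the cookie values are constructed, and the "equals-lost" check assumes the loss shows up as fewer = characters than were issued.

```python
# Added diagnostic sketch; the cookie values are constructed, not real SMSESSION tokens.

# Space, tab and the symbols the article lists as triggering quoting.
SPECIALS = frozenset(' \t()<>@,;:\\"/[]?={}')

ISSUED = "AbC/dEf+123=="  # constructed stand-in for a value issued by the Web Agent


def triggering_chars(value):
    """Listed special characters present in a cookie value, in order of first appearance."""
    found = []
    for ch in value:
        if ch in SPECIALS and ch not in found:
            found.append(ch)
    return found


def cookie_value(header_line, name="SMSESSION"):
    """Raw value of `name` from a 'Cookie:' or 'Set-Cookie:' header line, or None."""
    _, _, body = header_line.partition(":")
    for part in body.split(";"):
        key, sep, value = part.strip().partition("=")  # split on the first '=' only
        if sep and key == name:
            return value
    return None


def classify(issued, forwarded):
    """Compare the value the Web Agent issued with the value seen behind Tomcat."""
    if forwarded == issued:
        return "intact"
    if len(forwarded) >= 2 and forwarded[0] == forwarded[-1] == '"' \
            and forwarded[1:-1] == issued:
        return "quoted"          # the symptom described in Issue/Introduction
    # Assumption: a lost '=' shows up as fewer '=' characters than were issued.
    if forwarded.strip('"').count("=") < issued.count("="):
        return "equals-lost"     # the case parameter 2 is meant to prevent
    return "altered"


if __name__ == "__main__":
    print(triggering_chars(ISSUED))
    seen = cookie_value('Cookie: JSESSIONID=xyz; SMSESSION="AbC/dEf+123=="')
    print(seen, classify(ISSUED, seen))
```

A result of "quoted" matches the symptom in Issue/Introduction; "equals-lost" indicates that only parameter 1 took effect.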

 

Additional Information

 

(1) HTTP State Management Mechanism

(2) Apache Tomcat Configuration Reference