With this change, all my Policy Agents have to be re-configured. There's again this standard document from Sun. And once again, it disappoints me.
If your Policy Agents are deployed behind a load-balancer, then the above steps are not sufficient enough.
You'll get the following errors:
ERROR: Invalid Agent: Could not get agent for the realm
What's the complete steps to configure for Cookie Hijacking Prevention?
Step a and b:
Change Agent Root URL for CDSSO from host-based FQDN to load-balancer FQDN.