Tuesday, December 7, 2010

To Configure the OpenSSO Enterprise Deployment Against Cookie Hijacking

The OpenSSO Infrastructure which I had setup has just been configured to prevent Cookie Hijacking.

With this change, all my Policy Agents have to be re-configured. There's again this standard document from Sun. And once again, it disappoints me.

If your Policy Agents are deployed behind a load-balancer, then the above steps are not sufficient enough.

 You'll get the following errors:

ERROR: Invalid Agent: Could not get agent for the realm

What's the complete steps to configure for Cookie Hijacking Prevention?

Step a and b:

Step c:

Change Agent Root URL for CDSSO from host-based FQDN to load-balancer FQDN.


No comments:

Post a Comment