domain="undefined" in JSESSIONIDSSO

Solution Unverified - Updated 14 Jun 2024

Environment

JBoss Enterprise Application Platform
- 7.2
- 7.1

Issue

When SSO is enabled and the domain is undefined, the JSESSIONIDSSO cookie has a invalid domain="undefined" as follows:

Set-Cookie: JSESSIONIDSSO=H_xYotFv_g4dUibKUXxkK5zaFx-IESzIHHDvmeEW; path=/; domain=undefined

Resolution

Apply JBoss EAP 7.2 CP1 or later
Apply JBoss EAP 7.1 CP6

As a workaroud, please set the domain explicitly:

[standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=${your_security_domain}/setting=single-sign-on:write-attribute(name=domain, value=host.example.com)

Root Cause

Content from issues.jboss.org is not included.JBEAP-15574 - domain="undefined" in JSESSIONIDSSO
Content from issues.jboss.org is not included.JBEAP-15520 - domain="undefined" in JSESSIONIDSSO
Content from issues.jboss.org is not included.WFLY-11071

SBR

JBoss Security

Product(s)

Red Hat JBoss Enterprise Application Platform

Components

jbossas

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.