Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

CR 6496155: Policy agents send token other than the IP address in cookie hijacking mode

Previously, in cookie hijacking mode, policy agents sent the IP address of the server where they were installed to the OpenSSO Enterprise server. Now, the policy agent first sends the application SSO token. If the agent cannot obtain the application SSO token, the agent then sends the IP address to the OpenSSO Enterprise server.

If strict DN checking is required for a deployment, OpenSSO Enterprise server includes the new iplanet-am-session-dnrestrictiononly property.

The default value is false. If this property is set to true, the OpenSSO Enterprise server performs strict DN checking. If the agent sends an IP address, the OpenSSO Enterprise server considers the IP address to be an error.

To set iplanet-am-session-dnrestrictiononly for strict DN checking:

  1. Add the property with a value of true using either the OpenSSO Enterprise Admin Console or the ssoadm utility.

  2. Restart the OpenSSO Enterprise server web container for the DN checking to take effect.