Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Procedure: To Configure the OpenSSO Enterprise Deployment Against Cookie Hijacking

This task description includes configuration information for agents in the Policy Agent 3.0 software set. Perform the task on every agent instance for which you want to enhance security. The best practice is to perform the task on all the agent instances in the OpenSSO Enterprise deployment. As part of the configuration of each agent instance, you must also make specific configurations directly to OpenSSO Enterprise. For this task, be prepared to access the OpenSSO Enterprise Console and a browser that can access a protected web resource.

  1. Using a browser, navigate through OpenSSO Enterprise Console to the appropriate agent (J2EE agent or web agent, whichever applies) properties page that you want to configure.

  2. Edit the agent properties as described in the substeps that follow:

    Note that these substeps require moving from one Console tab to another.

    1. Enable the property labeled Cross Domain SSO (Tab: SSO, Name: com.sun.identity.agents.config.cdsso.enable).

      Setting this property to Enabled turns on CDSSO, which each agent instance requires because the agent relies on functionality provided by the CDSSO feature.

    2. Set the property labeled CDSSO Servlet URL (Tab: SSO, Name: com.sun.identity.agents.config.cdsso.cdcservlet.url) as described in this substep.

      This property stores the URL to which you want to direct users after they log in successfully to a deployment enabled for CDSSO. A feasible setting for this property is as follows:

    3. Click Save on the SSO page.

    4. (Conditional) For J2EE agents only, add a new value to the property labeled Custom Properties (Tab: Advanced, Name: com.sun.identity.agents.config.freeformproperties) as described in this substep.

      Add the following value to the Custom Properties property:

    5. Click Save on the Advanced page.

  3. Restart the container that hosts the agent.

  4. Add the required OpenSSO Enterprise properties as described in the substeps that follow.

    1. In the OpenSSO Enterprise Console, navigate back to the top level.

    2. Click Configuration tab.

    3. Click the Servers and Sites subtab.

    4. Click the OpenSSO Enterprise server name that you want to configure.

    5. Click the Advanced tab.

    6. Add the properties and values as shown in the table that follows.

      Property Name

      Property Value

      For example,

    7. Click Save.

  5. In OpenSSO Enterprise Administration Console, navigate back to the Configuration tab.

  6. Select the System subtab.

  7. Click Platform.

  8. In the Cookie Domain list, change the cookie domain name as described in the substeps that follow.

    This step enables OpenSSO Enterprise to set host-specific session cookies instead of domain-wide session cookies.

    1. Select the default domain, such as “”

    2. Click Remove.

    3. Enter the name of the machine hosting the OpenSSO Enterprise instance.

      For example:

    4. Click Add.

  9. Ensure that the proper cookies appear in a browser as described in the substeps that follow.

    1. Use a browser to access a resource that is protected by the agent that you just configured.

    2. Check the browser's cookie settings to ensure that the following three cookies appear:

      Cookie Name 

      Example Cookie Value 

      Example Cookie Domain Information
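The check in steps 8 and 9 comes down to one question: does the browser scope the session cookie to the single OpenSSO host, or to a whole parent domain that every host under it can read? The following script is an added example, not part of this guide or of the OpenSSO product; it applies the browser's domain-matching rule to constructed Set-Cookie headers and flags any cookie that is still domain-wide. The host name, the header values, and the cookie names (iPlanetDirectoryPro and amlbcookie are assumed here to be the default session and load-balancer cookie names) are assumptions, not values taken from this page.

```python
"""Audit Set-Cookie headers for host-specific versus domain-wide cookies.

Added example, not from the OpenSSO documentation. After the Cookie Domain
in the Platform settings is changed from a parent domain to the OpenSSO host
name, the session cookie should be scoped to that single host. This script
classifies each cookie the way a browser would and reports any cookie that
still covers a whole parent domain.
"""
from urllib.parse import urlsplit

# Assumed deployment host (placeholder, not a value from the page).
OPENSSO_URL = "https://sso1.example.com:8080/opensso"

# Constructed Set-Cookie headers for two states of the same deployment:
# before the change (domain-wide cookies) and after it (host-specific).
BEFORE_HEADERS = [
    "iPlanetDirectoryPro=AQIC5wM2LY4Sfcw; Domain=.example.com; Path=/; Secure; HttpOnly",
    "amlbcookie=01; Domain=.example.com; Path=/",
]
AFTER_HEADERS = [
    "iPlanetDirectoryPro=AQIC5wM2LY4Sfcw; Domain=sso1.example.com; Path=/; Secure; HttpOnly",
    "amlbcookie=01; Path=/",  # no Domain attribute: the browser keeps it host-only
]


def parse_set_cookie(header):
    """Return (cookie name, attribute dict) for one Set-Cookie header.

    Attribute names are lowercased; value-less flags such as Secure map to "".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookie_scope(header, host):
    """Classify where a browser will send this cookie.

    'host-specific': only to `host` (no Domain attribute, or Domain equal to host)
    'domain-wide':   to every host under Domain (the scope cookie hijacking exploits)
    'rejected':      Domain does not cover `host`; browsers discard such cookies
    """
    _name, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", "").lstrip(".").lower()
    host = host.lower()
    if not domain or domain == host:
        return "host-specific"
    if host.endswith("." + domain):
        return "domain-wide"
    return "rejected"


def audit(headers, url=OPENSSO_URL):
    """Map each cookie name to its scope for the host named in `url`."""
    host = urlsplit(url).hostname
    return {parse_set_cookie(h)[0]: cookie_scope(h, host) for h in headers}


def is_host_scoped(headers, url=OPENSSO_URL):
    """True when no cookie in the response is domain-wide."""
    return all(scope != "domain-wide" for scope in audit(headers, url).values())


if __name__ == "__main__":
    for label, headers in (("before", BEFORE_HEADERS), ("after", AFTER_HEADERS)):
        verdict = "host-scoped" if is_host_scoped(headers) else "domain-wide cookies present"
        print(f"{label}: {audit(headers)} -> {verdict}")
```

To use it against a live deployment, replace the constructed lists with the Set-Cookie headers captured from the response to the protected resource in step 9; any cookie reported as domain-wide means the Cookie Domain change in step 8 has not taken effect on that server.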