LAG rewrites cookie domain sent by the original server to the public host name

  • 3690949
  • 04-Sep-2007
  • 26-Apr-2012

Environment

Novell Access Management 3 Support Pack 1 Release Candidate 2b
Novell Access Management 3 Linux Access Gateway

Situation

Authentication to the back-end application server (Lotus Notes), which is based on a session cookie (LtpaToken), fails.
The required session cookie is not sent by the browser client.

Resolution

This issue has been reported to engineering and will be fixed in the final release of Support Pack 1.

Status

Reported to Engineering

Additional Information

A reverse proxy configuration has been created with two accelerators using path-based multi-homing.

For example:
  1. "acc1.ema-public.org"
  2. "acc2.ema-public.org"
The applications behind each accelerator share a common authentication / session cookie that belongs to a particular domain: "Domain=.ema-private.org".
Only one web server behind a configured accelerator (for example: acc1.ema-public.org) generates the cookie after a successful authentication.

The Linux Access Gateway rewrites the domain component of the application cookie to the public host name instead of rewriting it to the public domain name.

Example:

"Domain=.ema-private.org" will be rewritten to "Domain=acc1.ema-public.org"
instead of being rewritten to "Domain=.ema-public.org".

Because of this, the session cookie rewritten by the LAG cannot be used with the accelerator "acc2.ema-public.org".
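
The following added example (not Novell code and not part of the original document) applies both rewrites to a Set-Cookie value and uses the browser's cookie domain-matching rule (RFC 6265, section 5.1.3) to show which accelerators receive the cookie. The LtpaToken value and all function names are constructed for illustration.

```python
import re

# Matches the Domain attribute of a Set-Cookie header value.
DOMAIN_ATTR = re.compile(r"(;\s*domain=)([^;]*)", re.IGNORECASE)

def rewrite_cookie_domain(set_cookie, private_domain, new_domain):
    """Replace the Domain attribute only when it names the private domain."""
    def swap(m):
        current = m.group(2).strip().lower().lstrip(".")
        if current == private_domain.lower().lstrip("."):
            return m.group(1) + new_domain
        return m.group(0)  # cookie for some other domain: leave untouched
    return DOMAIN_ATTR.sub(swap, set_cookie, count=1)

def cookie_domain(set_cookie):
    m = DOMAIN_ATTR.search(set_cookie)
    return m.group(2).strip() if m else None

def domain_match(host, domain):
    """RFC 6265 domain matching: equal, or host is a subdomain of domain."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def hosts_receiving(set_cookie, hosts):
    """Hosts the browser would send this cookie to (Domain attribute only;
    host-only cookies without a Domain attribute are not modelled here)."""
    dom = cookie_domain(set_cookie)
    return [h for h in hosts if dom and domain_match(h, dom)]

# Constructed sample header value as issued by the back-end server.
ORIGIN = "LtpaToken=AAECAwQF; Domain=.ema-private.org; Path=/"
ACCELERATORS = ["acc1.ema-public.org", "acc2.ema-public.org"]

# Behaviour described in this document: Domain becomes the public host name.
observed = rewrite_cookie_domain(ORIGIN, ".ema-private.org", "acc1.ema-public.org")
# Expected behaviour: Domain becomes the public domain name.
expected = rewrite_cookie_domain(ORIGIN, ".ema-private.org", ".ema-public.org")

if __name__ == "__main__":
    for label, cookie in (("observed", observed), ("expected", expected)):
        print(label, "|", cookie, "->", hosts_receiving(cookie, ACCELERATORS))
```

With the domain-level rewrite the browser sends the token to every host under .ema-public.org, so that scope is appropriate only when all hosts in the domain are trusted to see it.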