Liberty IDP/SP/Policy Agent 2.2 and cookie hijacking
Hi Gurus,
In our implementation, we have an IDP (eauthidp.etc.net) and an SP (eauthsp.etc.net) and some policy agents (eauthdev.etc.net).
Both IDP and SP are AM 7.1. Policy agent is 2.2.
We used IDP for authentication and SP for authorization. We would like to implement CookieHijacking changes also between SP and Policy Agents.
With Liberty, is it possible? If yes, then what URL do I need to give in the com.sun.am.policy.agents.config.cdcservlet.url property of AMAgent.properties?
Is there any other way of implementing this?
Thanks,
Vivek
# 1
Vivek,
It doesn't look like going to the CDC servlet first would work (i.e. configuring the agent to point to the CDC servlet as in std CDSSO case), since the auth/e URL it redirects to cannot be configured.
There may be a way by specifying the Fed SSO init URL first, but I really don't know if that would work for now.
N.
# 2
Hi N,
I looked at all the docs and did some analysis. I found that there is no out-of-the-box configuration.
The way I could come up with is:
1. Configure Cookie Hijacking in PA.
2. For the CDSSO Servlet, give the following value:
https://eauthsp2.etc.net/amserver/preLogin?metaAlias=eauthsp2.etc.net
3. On the SP side, make CDSSO changes.
4. Create a class that implements FederationSPAdapter. In that class, either redirect to CDCServlet or do the same processing that CDCServlet does.
I am still reading the documents on how to stick this class in the SP so that it will be called after SSOFederation process completes.
Let me know if you think differently....
Vivek