PingFederate Server

Specifying the domain of the PF.PERSISTENT cookie

PingFederate identifies persistent authentication sessions by their respective PF.PERSISTENT cookie. You can specify the domain of this cookie.

About this task

By default, the PF.PERSISTENT cookie is set without domain information in the HTTP header.

Set-Cookie: PF.PERSISTENT=UoBlPlf16V2oYAEPot2DnpUOXxitK7au;Path=/;Expires=Sat, 06-Nov-2021 00:48:08 GMT;Max-Age=94608000;Secure;HttpOnly

You can configure PingFederate to return the Set-Cookie HTTP header with domain information, as needed.

Steps

  1. Edit the <pf_install>/pingfederate/server/default/data/config-store/persistent-session-cookie-config.xml file.

  2. Modify the cookie-domain element.

    Example:

    [.codeph]``<c:item name="cookie-domain">.example.com</c:item>``

  3. Save the change.

  4. Restart PingFederate.

  5. If you’re running PingFederate in a clustered environment, perform the preceding steps on the console node. Then go to System > Server > Cluster Management and click Replicate Configuration.

Result

After you activate this change, PingFederate includes domain information in its Set-Cookie HTTP header.

Set-Cookie: PF.PERSISTENT=tOYwPM7VFMeluUyeu0EKQLL0DCJyVOqG;Path=/;Domain=.example.com;Expires=Sat, 06-Nov-2021 01:00:34 GMT;Max-Age=94608000;Secure;HttpOnly

OSZAR »