Pre-Authentication Cookie Name
The name of the pre-authentication cookie. This cookie tracks the progress of authentication with AM, and protects requests from replay attacks. It contains the following information:
-
URL of the original request
-
HTTP mode
-
Secure ID (subsequently baked into the nonce of the returned JWT)
-
Relevant ACR information
-
Transaction ID
-
Expiry time configured by Max Age of Pre-Authentication Cookie
(Before Java Agent 5.7), The agent creates a single cookie containing records to identify all concurrent authentication requests to AM. In environments with lots of concurrent requests, or where the protected URLs are long, the cookie can reach the maximum size supported by the browser. When this happens, new authentication requests fail and the agent issues a 403 HTTP message to the user.
(Java Agent 5.7 and later versions) The agent can optionally create a cookie for each authentication request to AM. In some environments, this creates a large number of cookies. If you have tests in your environment that make multiple requests to AM from the same browser, you may find intermittent 403 HTTP messages; browsers can limit how many cookies they handle.
Configure the cookie name as follows:
-
To use one cookie for all concurrent authentication requests to AM, configure as a string. For example,
org.forgerock.agents.authn.cookie.name=cookie-name
. -
To use one cookie for each authentication request to AM, configure as
%n
, or as%n
before, in the middle of, or after a string. When the agent creates the cookie, it translates the string%n
into a unique identifier. For example:-
org.forgerock.agents.authn.cookie.name=%n
-
org.forgerock.agents.authn.cookie.name=%n-cookie-name
-
org.forgerock.agents.authn.cookie.name=cookie-%n-name
-
org.forgerock.agents.authn.cookie.name=cookie-name-%n
-
The agent compresses and then signs the cookie.
Property name |
|
Aliases |
|
Function |
Cookie, Pre-authentication |
Type |
String |
Default |
|
Bootstrap property |
No |
Required property |
No |
Restart required |
No |
Local configuration file |
|
AM console |
Tab: Title: Legacy title: |