1 Reply Latest reply: Jan 25, 2013 2:05 PM by raudabat RSS

    Disable Token Parameter on URL after authentication redirect.

    raudabat
      Hello,

      I am new to Identity Management the components used in our SSO implementation. I know we are using Sun Java Access Manager , etc and Opensso Web Agent 8.1 for Apache 2.2. We are trying to disable the inclusion of the iPlanetDirectoryPro token at the end of the redirecting URL after a LDAP Authentication, PKI, and Kerberos modes. After authetication the re-directing URL is constructed as follows: https://aaa.xxx.com/xx/zzzzzzzz&iPlanetDirectoryPro=AxBcXdFe . Is there a way to disable the inclusion of the token on the URL but keep in Response Header. I hope I am asking this question in the correct forum.

      Any help appreciated and thanks in advance.

      Tom
        • 1. Re: Disable Token Parameter on URL after authentication redirect.
          raudabat
          I found this capability in the following area:

          AMConfig.properties file

          com.sun.identity.cookieRewritingInPath

          Default value is true. This property is read by the Authentication Service when Access Manager is configured to run in cookieless mode. The property specifies that the cookie needs to be rewritten as extra path information in the URL using this form: protocol://server:port/uri;cookiename=cookieValue?queryString. If this property is not specified, then the cookie will be written as part of the query string.

          Hope this helps somebody !!!

          Tom