Federation Manager Guide › Federation Manager System Administration › Deployment Settings › Cookie Settings for Session and Identity Cookies

Cookie Settings for Session and Identity Cookies

Federation Manager supports single sign-on security zones. Single sign-on security zones provide configurable trust relationships between groups of applications within the same cookie domain.

Although single sign-on is enforced within the same zone, a user may be rechallenged when entering a different zone, depending on the trust relationship defined between the zones. Security zones included in a trusted relationship do not rechallenge a user that has a valid session in any zone in the group.

Security zone affiliation is reflected in cookie names. For Federation Manager, the default session and identity cookies are named FEDSESSION and FEDPROFILE.

Your federation partner possibly has an application that uses its own session or identity cookie. The names of the partner cookies can conflict with the names of Federation Manager's cookies. For example, if you are communicating with a SiteMinder site, cookies named FEDSESSION and FEDPROFILE may exist because SiteMinder generates its own session and identity cookies. In this case, you can change the global cookie zone prefix for Federation Manager so its cookies get renamed.

Note: If you have an application that is using a Federation Manager SDK, the values configured for the Global Cookie Zone and Encryption Password settings must match what the SDK uses. Be sure to share the values of these settings with the appropriate parties in your organization. At the asserting party, the SDK and web access management system need these values. At the relying party, Federation Manager and the target system that hosts the application need to know these values.

For additional information, see the Federation Manager Java SDK Guide or the .NET SDK Guide.

The other cookie parameters in this group box are the open format cookie settings. The open format cookie settings are used only for the open format cookie method of delegated authentication and apply on a global level not on a partnership basis.

Note: At the relying party, the configuration of this cookie data is done at the partnership level and not at a global level.

To change the cookie settings

1. Log in to the Federation Manager UI.
2. From the Infrastructure tab, select Deployment Settings.

   The Configure Deployment Settings dialog is displayed.

3. (Optional) Modify all the settings in the Cookie Settings group box, as needed.

   Note: You can click Help for a description of fields, controls, and their respective requirements.