Release NotesFederation Security Services Release NotesDefects Fixed in the Web Agent 6.x QMR 6 Option PackFixes in the Web Agent 6.0 SP6 Option Pack › Federation Web Services Cannot Decode SMSESSION Cookie on Tomcat (129196)

Previous Topic: Application Server on AIX Crashes when Malformed SAML 2.0 Assertion Received (101481)

Next Topic: Defects Fixed in the Policy Server 6.0 SP5 Option Pack
Federation Web Services Cannot Decode SMSESSION Cookie on Tomcat (129196)

Symptom:

If Federation Web Services is deployed on a Tomcat server, the Web Agent protecting the target resource at the Service Provider cannot decode the session cookie.

Note: Federation Web Services is installed by the Web Agent Option Pack.

Solution:

When Tomcat 5.5 and higher is used as application container for Federation Web Services, add the following system property to the Tomcat start-up shell or batch file and set it to true:

-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

STAR Issue: 19884857