Specifying the domain of the PF cookie
PingFederate identifies sessions by their respective PingFederate cookie. You can specify the domain of these cookies.
About this task
By default, the PingFederate cookie is set without domain information in the HTTP header.
Set-Cookie: PF=zOv4xxmzDI2rx1TFBFy78X;Path=/;Secure;HttpOnly
You can configure PingFederate to return the Set-Cookie
HTTP header with domain information, as needed.
Steps
-
Edit the
<pf_install>/pingfederate/server/default/data/config-store/session-cookie-config.xml
file. -
Modify the
cookie-domain
element.Example:
<c:item name="cookie-domain">.example.com</c:item>
-
Save the change.
-
Restart PingFederate.
For a clustered PingFederate environment, perform these steps on the console node. Then, click Replicate Configuration on System > Server > Cluster Management.
Result
After you activate this change, PingFederate includes domain information in its Set-Cookie HTTP
header.
Set-Cookie: PF=aDfPx6uwbbWGFhwE6zEhEG;Path=/;Domain=.example.com;Secure;HttpOnly