Specifying the domain of the PF.PERSISTENT cookie - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

PingFederate identifies persistent authentication sessions by their respective PF.PERSISTENT cookie. You can specify the domain of this cookie.

By default, the PF.PERSISTENT cookie is set without domain information in the HTTP header.

Set-Cookie: PF.PERSISTENT=UoBlPlf16V2oYAEPot2DnpUOXxitK7au;Path=/;Expires=Sat, 06-Nov-2021 00:48:08 GMT;Max-Age=94608000;Secure;HttpOnly

You can configure PingFederate to return the Set-Cookie HTTP header with domain information, as needed.

  1. Edit the <pf_install>/pingfederate/server/default/data/config-store/persistent-session-cookie-config.xml file.
  2. Modify the cookie-domain element.

    <c:item name="cookie-domain">.example.com</c:item>

  3. Save the change.
  4. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on System > Server > Cluster Management. You do not have to restart PingFederate on any running engine node.

After you activate this change, PingFederate includes domain information in its Set-Cookie HTTP header.

Set-Cookie: PF.PERSISTENT=tOYwPM7VFMeluUyeu0EKQLL0DCJyVOqG;Path=/;Domain=.example.com;Expires=Sat, 06-Nov-2021 01:00:34 GMT;Max-Age=94608000;Secure;HttpOnly