By default, the PingFederate cookie is set without domain information in the HTTP header.

Set-Cookie: PF=zOv4xxmzDI2rx1TFBFy78X;Path=/;Secure;HttpOnly

You can configure PingFederate to return the Set-Cookie HTTP header with domain information, as needed.

  1. Edit the <pf_install>/pingfederate/server/default/data/config-store/session-cookie-config.xml file.
  2. Modify the cookie-domain element.

    <c:item name="cookie-domain">.example.com</c:item>

  3. Save the change.
  4. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on System > Server > Cluster Management. You do not have to restart PingFederate on any running engine node.

After you activate this change, PingFederate includes domain information in its Set-Cookie HTTP header.

Set-Cookie: PF=aDfPx6uwbbWGFhwE6zEhEG;Path=/;Domain=.example.com;Secure;HttpOnly