When using Crowd for single sign-on (SSO), you can specify that the 'secure' flag is set on the SSO cookie. This will enforce a secured connection, such as SSL, for all SSO requests.
To specify the secure flag on the SSO cookie,
- Log in to the Crowd Administration Console.
- Click the 'Administration' tab in the top navigation bar.
- The 'General Options' screen will appear. Tick or untick the 'Secure SSO Cookie' checkbox as required:
- Ticked — The 'secure' attribute will be included on the SSO cookie. A secured connection, such as SSL or TLS, is required for all SSO requests. Unsecured connections will be refused.
- Not ticked — This is the default. The 'secure' attribute will not be included on the SSO cookie. This means that the SSO cookie may be transmitted over an unsecured connection.
- Click the 'Update' button.
Screenshot: Secure SSO Cookie in Crowd General Options
- Configuring Server Settings
- Configuring your Mail Server
- Creating an Email Notification Template
- Configuring Trusted Proxy Servers
- Viewing Crowd's System Information
- Backing Up and Restoring Data
- Logging and Profiling
- Configuring the LDAP Connection Pool
- Overview of Caching
Was this helpful?
Thanks for your feedback!