[
https://issues.jboss.org/browse/GTNSSO-14?page=com.atlassian.jira.plugin....
]
Marek Posolda resolved GTNSSO-14.
---------------------------------
Fix Version/s: 1.3.0.Beta02, 1.3.0.Beta01
Resolution: Done
I had issues reproducing it, but I reproduced it after some investigation. It can be
reproduced with cookie domain ".acme.com" and OpenAM on host
"openam.toto.acme.com". It can't be reproduced when OpenAM is on host
"openam.acme.com", as it requires that the OpenAM host have (at least) one more
subdomain in the host name. It's due to code in class RFC2109Spec:
{code}
// host minus domain may not contain any dots
String hostWithoutDomain = host.substring(0, host.length()
        - cookie.getDomain().length());
if (hostWithoutDomain.indexOf('.') != -1) {
    throw new MalformedCookieException("Domain attribute \""
            + cookie.getDomain()
            + "\" violates RFC 2109: host minus domain may not contain any dots");
}
{code}
So the issue happens only when the host without the cookie domain contains any dots (like
"openam.toto").
The issue itself is only minor, as it only prints a WARN to the server log, but the
functionality itself is not affected. The OpenAM iPlanetDirectoryPro cookie is properly
validated by the OpenSSO agent and the user is successfully logged in to GateIn without
problems. The only thing is that the HTTP client can't set the value of another cookie,
"amlbcookie", when processing the response from OpenAM, but that's not needed anyway.
The latest version of OpenSSOAgentImpl in SSO 1.3.0.Beta01 was upgraded to use Apache
HttpClient 4.1.2 and it doesn't print the warning anymore.
For older versions you can simply ignore the warning or use a workaround like you suggested
(but that requires changes in code).
OpenSSO/OpenAM Agent doesn't support wildcard cookie domains
------------------------------------------------------------
Key: GTNSSO-14
URL: https://issues.jboss.org/browse/GTNSSO-14
Project: GateIn SSO
Issue Type: Bug
Affects Versions: 1.1.1-GA
Reporter: Ray Tsang
Assignee: Marek Posolda
Fix For: 1.3.0.Beta02, 1.3.0.Beta01
When OpenSSO or OpenAM is configured w/ wildcard domain for iPlanetDirectoryPro cookie
(such as ".acme.com"), OpenSSOAgent fails to validate ticket.
Commons HttpClient by default restricts the use of wildcard cookie due and will fail with
exception.
WARN [org.apache.commons.httpclient.HttpMethodBase] (http-127.0.0.1-8080-1) Cookie
rejected: "$Version=0; amlbcookie=01; $Path=/; $Domain=.acme.com". Domain
attribute ".acme.com" violates RFC 2109: host minus domain may not contain any
dots
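
The check quoted from RFC2109Spec in the comment above, reduced to a stand-alone added example (not GateIn or HttpClient code) and run against the two hosts named there. The RFC 6265 domain-match beside it is included only for comparison and says nothing about HttpClient 4.1.2's internals; the class and method names are hypothetical.

```java
import java.util.Locale;

public class CookieDomainCheck {

    // RFC 2109 section 4.3.2, reduced to the checks relevant to this issue:
    // the Domain attribute starts with a dot, the host ends with it, and the
    // part of the host left after removing that suffix contains no dot.
    static boolean rfc2109Accepts(String host, String domain) {
        host = host.toLowerCase(Locale.ROOT);
        domain = domain.toLowerCase(Locale.ROOT);
        if (!domain.startsWith(".") || !host.endsWith(domain)) {
            return false;
        }
        String hostWithoutDomain = host.substring(0, host.length() - domain.length());
        return hostWithoutDomain.indexOf('.') == -1;
    }

    // RFC 6265 section 5.1.3 domain-match: the host equals the domain or is a
    // subdomain of it at any depth. IP-address hosts are not handled here.
    static boolean rfc6265Matches(String host, String domain) {
        host = host.toLowerCase(Locale.ROOT);
        domain = domain.toLowerCase(Locale.ROOT);
        if (domain.startsWith(".")) {
            domain = domain.substring(1); // a leading dot is ignored
        }
        return host.equals(domain) || host.endsWith("." + domain);
    }

    public static void main(String[] args) {
        // Cookie domain and hosts taken from the issue comment.
        String cookieDomain = ".acme.com";
        String[] hosts = { "openam.acme.com", "openam.toto.acme.com" };
        for (String host : hosts) {
            System.out.printf("%-22s RFC 2109: %-8s RFC 6265: %s%n", host,
                    rfc2109Accepts(host, cookieDomain) ? "accept" : "reject",
                    rfc6265Matches(host, cookieDomain) ? "accept" : "reject");
        }
    }
}
```

Only "openam.toto.acme.com" is rejected by the RFC 2109 rule, because the remainder "openam.toto" contains a dot; both hosts pass the suffix-only match.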