Requirements for SSO Domain Name in WebSphere

Technote (FAQ)
Problem
What are the requirements for the Single Sign On (SSO) domain field in the WebSphere security settings or the security center?
Solution
Domain names must have at least one "dot" or period. This is an internet standard. See RFC 2109.
  • Domain names cannot contain underscore, "_", characters. This did not create a problem with earlier versions of Internet Explorer (IE) or Netscape. But IE browser versions 5.5 and 6.0 do not accept underscores in the cookie. This is an internet standard. See RFC 1123 & RFC 932.
  • Do not use the server name(such as machinename.ibm.com or hostname.ibm.com) in the domain name.

Examples of valid domain names are ibm.com, tx.gov, austin.ibm.com.

Examples of invalid domain names are ibmus, state_tx.gov

  • Some customers have experienced a problem with IE, in that IE 5 and IE 6 do not seem to accept the LTPA token when the domain defined in the SSO domain field is less than 5 characters excluding the period, such as "cn.ca".

Solution: Microsoft has a fix. Please refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;310676











    Document Information

    Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
    Operating system(s): Multi-Platform
    Software version: 3.5, 4.0, 5.0
    Software edition: Edition Independent
    Reference #: 1112390
    IBM Group: Software Group
    Modified date: 2003-06-25