Requirements for SSO Domain Name in WebSphere Application Server
 Technote (troubleshooting)
 
Problem(Abstract)
What are the requirements for the Single Sign On (SSO) domain field in the WebSphere® Application Server security settings or the security center?
 
Resolving the problem
  1. Domain names must have at least one "dot" or period. This is an internet standard published in RFC 2109.
  2. Domain names cannot contain underscore ( _ ) characters. This was not a problem with earlier versions of Internet Explorer or Netscape browsers. However, Internet Explorer browser versions 5.5 and 6.0 do not accept underscores in the cookie. This is an internet standard. See RFC 1123 and RFC 932.
  3. Do not use the server name (such as machinename.ibm.com or hostname.ibm.com) in the domain name.

Examples of valid domain names are ibm.com, tx.gov, austin.ibm.com.

Examples of invalid domain names are ibmus, state_tx.gov

Some customers have experienced problems with Internet Explorer, versions 5 and 6, which do not seem to accept the Lightweight Third-Party Authentication (LTPA) token when the domain defined in the Single Sign On (SSO) domain field is less than 5 characters, excluding the period, such as "cn.ca".

Please refer to the Microsoft® knowledge base article: "Internet Explorer Does Not Set a Cookie for Two-Letter Domains."

 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1112390
IBM Group: Software Group
Modified date: Jul 28, 2006