Each target application may have its own identity propagator or even several of them. This section describes the Ticket Cookie Propagator which creates a ticket string encoded in a cookie. This is a very easy and safe way to implement identity propagation and single sign-on (SSO) for applications sharing the same Airlock Gateway (WAF) session.
The Airlock Gateway (WAF) configuration must ensure that the cookie is not sent to the client (e.g. browser) but only transported to the intended target application(s).
Sending the cookie via the client to the target application may result in a severe security vulnerability!
With the default Airlock Gateway (WAF) cookie settings, cookies are not sent to the client, i.e. it is safe with respect to identity propagation.