OpenAM Agents / AMAGENTS-761

com.sun.identity.cookie.httponly property does not work for C agent 5


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: 5.0.0.0
    • Component/s: Web Agents
    • Environment:
      Ubuntu 14 / Apache 2.4 / Version: 5.0.0-SNAPSHOT, Revision: e62147a, Build date: Jul 11 2017 13:47:14

      Description

      com.sun.identity.cookie.httponly property does not work for C agent 5

      Steps to reproduce

      1.) Agent Profile > SSO

      • Cross Domain SSO = enabled (this configuration is for Agent 4)
      • Cookies Domain List = .test.forgerock.com (this value should be different from the default domain [in my case the default domain is forgerock.com])

      2.) Advanced Tab > Custom properties: com.sun.identity.cookie.httponly=true
      3.) Create a policy to allow access
      4.) Hit the agent protected page and log in with a user, e.g. http://riso-ubuntu14.test.forgerock.com/index.html
      5.) Check the iPDP cookies

      Expected result

      Agent 4: There are 2 iPDP cookies, one under the default domain (forgerock.com) and a second under the CDSSO domain (test.forgerock.com). The iPDP cookie for the CDSSO domain has the httpOnly flag.
      Agent 5: I would expect that the OIDC cookie (in my case under domain riso-ubuntu14.test.forgerock.com) should have the httpOnly flag.

      Observed Result

      httpOnly cookie flag is not set

            People

            Assignee:
            nick.james Nicholas James
            Reporter:
            richard.hruza Richard Hruza
            QA Assignee:
            Richard Hruza Richard Hruza
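
A check for step 5 of the report above, as an added example that is not part of the original issue or the agent's code: it parses Set-Cookie response headers and lists the named cookies that lack the HttpOnly attribute. The sample headers are constructed, and `agent-oidc-cookie` is a placeholder for the Agent 5 OIDC cookie name, which the issue does not give.

```python
from typing import NamedTuple, Optional


class CookieInfo(NamedTuple):
    name: str
    domain: Optional[str]  # None means host-only (no Domain attribute sent)
    http_only: bool
    secure: bool


def parse_set_cookie(header_value: str) -> CookieInfo:
    """Parse one Set-Cookie header value (RFC 6265 section 5.2, simplified)."""
    first, *attrs = header_value.split(";")
    name, _, _value = first.strip().partition("=")
    domain, http_only, secure = None, False, False
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        key = key.strip().lower()  # attribute names are case-insensitive
        if key == "domain" and val.strip():
            # A leading dot is ignored by browsers, so normalise it away.
            domain = val.strip().lstrip(".").lower()
        elif key == "httponly":
            http_only = True
        elif key == "secure":
            secure = True
    return CookieInfo(name.strip(), domain, http_only, secure)


def missing_httponly(set_cookie_values, cookie_names):
    """Return the parsed cookies named in cookie_names that lack HttpOnly."""
    wanted = set(cookie_names)
    parsed = [parse_set_cookie(v) for v in set_cookie_values]
    return [c for c in parsed if c.name in wanted and not c.http_only]


# Constructed sample headers (not captured from a real agent).
# "agent-oidc-cookie" is a placeholder name, not the agent's real cookie name.
SAMPLE_HEADERS = [
    "iPDP=abc123; Domain=.test.forgerock.com; Path=/; HttpOnly",
    "iPDP=abc123; Domain=forgerock.com; Path=/",
    # The text "HttpOnly" inside the value must not count as the attribute.
    "agent-oidc-cookie=note-HttpOnly-in-value; Path=/; Secure",
    "agent-oidc-cookie=def456; Path=/; httponly",
]

if __name__ == "__main__":
    for c in missing_httponly(SAMPLE_HEADERS, ["iPDP", "agent-oidc-cookie"]):
        print(f"{c.name} (domain={c.domain or 'host-only'}): HttpOnly missing")
```
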