  1. OpenAM
  2. OPENAM-14573

amlbcookie is not secure when authenticating with trees

    Details

    • Sprint:
      AM Sustaining Sprint 60, AM Sustaining Sprint 61
    • Story Points:
      2
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      Authentication Tree ignores 'com.iplanet.am.cookie.secure' and 'com.sun.identity.cookie.httponly' settings for amlbcookie. Authentication Chains/Modules honor the settings 'com.iplanet.am.cookie.secure' and 'com.sun.identity.cookie.httponly' for amlbcookie.

      How to reproduce the issue

      1. Set up Tomcat with HTTPS:
        https://backstage.forgerock.com/docs/am/6.5/install-guide/#sec-install-self-signed-certificates
      2. Enable Secure Cookies 'com.iplanet.am.cookie.secure=true'
      3. Configure the AM server to use HttpOnly cookies by navigating to Configure > Server Defaults > Advanced, and setting the com.sun.identity.cookie.httponly property's value to true. Save your changes.
      4. Log in to a Tree. With this example, remove the webhook if you have not configured it.
        https://openam6.example.com:8445/openam/XUI/?realm=/#login/&service=Example
      5. Check your amlbcookie with a HAR or cookie manager; it will not be secure / HttpOnly, but your iPlanetDirectoryPro will be secure and HttpOnly.

      Expected behaviour

      Both iPlanetDirectoryPro and amlbcookie should be secure

      Current behaviour

      amlbcookie is not secure
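
One way to script the check in step 5, as an added example that is not part of the original report or of AM itself: it reads a HAR export and reports which of the two cookies is set without `Secure` or `HttpOnly`. The HAR fragment, cookie values and domain are constructed, and the cookie names are the defaults named in this issue (assumed not to have been renamed in the deployment).

```python
import json

# Cookie names as used in this issue; a deployment may rename them (assumption).
WATCHED = ("iPlanetDirectoryPro", "amlbcookie")
REQUIRED = {"secure", "httponly"}

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_har(har, watched=WATCHED):
    """Map each watched cookie seen in the HAR to the required flags it was set without."""
    findings = {}
    for entry in har["log"]["entries"]:
        for header in entry["response"].get("headers", []):
            if header["name"].lower() != "set-cookie":
                continue
            # Some exporters fold several Set-Cookie headers into one newline-joined value.
            for line in header["value"].splitlines():
                name, attrs = parse_set_cookie(line)
                if name in watched:
                    findings.setdefault(name, set()).update(REQUIRED - attrs)
    return {name: sorted(flags) for name, flags in findings.items()}

# Constructed HAR fragment modelled on the behaviour described in this report.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [{"response": {"headers": [
  {"name": "Content-Type", "value": "application/json"},
  {"name": "Set-Cookie",
   "value": "iPlanetDirectoryPro=constructed-token; Path=/; Domain=example.com; Secure; HttpOnly"},
  {"name": "Set-Cookie",
   "value": "amlbcookie=01; Path=/; Domain=example.com"}
]}}]}}
""")

if __name__ == "__main__":
    for cookie, missing in audit_har(SAMPLE_HAR).items():
        print(f"{cookie}: missing {', '.join(missing) or 'nothing'}")
```

To run it against a real capture, replace `SAMPLE_HAR` with `json.load()` of the exported file; a cookie that never appears in the HAR is absent from the result rather than reported as compliant.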
      

              People

              • Assignee:
                kamal.sivanandam@forgerock.com Kamal Sivanandam
                Reporter:
                william.hepler William Hepler