OpenAM / OPENAM-3618

J2EE agents don't allow setting the 'httponly' flag for the SSO tracking cookie

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Agents-3.0.3, Agents-3.0.4, Agents-3.1.0-Xpress, Agents-3.3.0
    • Fix Version/s: JEEAgents-3.5.0
    • Component/s: j2ee agents

      Description

      When running in CDSSO mode, agents issue their own SSO tracking cookie: either a host-based cookie or, if configured, a domain cookie.

      OpenAM and OpenAM DistAuth allow setting the 'httponly' flag for the SSO tracking cookie they issue.

      Web Agents allow setting the 'httponly' flag for the SSO tracking cookie via the advanced property

      com.sun.identity.cookie.httponly=true
      

      J2EE agents should offer the same feature

      com.sun.identity.agents.filter.SSOContext.createSSOTokenCookie(String tokenValue)
      

      should be enhanced
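
The requested behaviour, sketched as an added example (not code from the OpenAM agent source or from the eventual fix): a helper that builds the `Set-Cookie` header for an agent-issued SSO tracking cookie and appends `HttpOnly` when the property is enabled. The class name, method name, cookie name, `Path=/`, the default of "off", and reuse of the web agent property name for a J2EE agent are all assumptions.

```java
import java.util.Properties;
import java.util.regex.Pattern;

// Hypothetical helper, not OpenAM agent code.
public class SsoCookieHeaderExample {

    // Property name quoted in this issue for Web Agents; applying it to a
    // J2EE agent is an assumption of this example.
    static final String HTTPONLY_PROP = "com.sun.identity.cookie.httponly";

    // Whitespace (incl. CR/LF), ';' and ',' would let a value inject
    // extra attributes or headers, so such input is rejected.
    private static final Pattern UNSAFE = Pattern.compile("[\\s;,]");

    static String buildSetCookie(String name, String tokenValue, String domain,
                                 boolean secure, Properties config) {
        String[] fields = {name, tokenValue, domain == null ? "" : domain};
        for (String field : fields) {
            if (UNSAFE.matcher(field).find()) {
                throw new IllegalArgumentException("illegal character in cookie field");
            }
        }
        StringBuilder sb = new StringBuilder(name).append('=').append(tokenValue);
        sb.append("; Path=/");
        if (domain != null && !domain.isEmpty()) {
            sb.append("; Domain=").append(domain); // domain cookie
        }                                           // otherwise host-based cookie
        if (secure) {
            sb.append("; Secure");
        }
        // HttpOnly keeps the SSO token out of reach of document.cookie.
        if (Boolean.parseBoolean(config.getProperty(HTTPONLY_PROP, "false"))) {
            sb.append("; HttpOnly");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Properties cfg = new Properties();
        String token = "constructed-token-value"; // constructed sample value
        // Flag not configured: header is emitted without HttpOnly.
        System.out.println(buildSetCookie("sample-sso-cookie", token, null, true, cfg));
        // Flag enabled: domain cookie with HttpOnly appended.
        cfg.setProperty(HTTPONLY_PROP, "true");
        System.out.println(buildSetCookie("sample-sso-cookie", token, ".example.com", true, cfg));
    }
}
```

On containers that implement Servlet 3.0 or later, `javax.servlet.http.Cookie.setHttpOnly(true)` achieves the same result without building the header by hand.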


              People

              • Assignee:
                peter.major Peter Major
                Reporter:
                bthalmayr Bernhard Thalmayr