Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-3104

OPENIG-3104 Provide secure and httpOnly options to the config of the CrossDomainSingleSignOnFilter and set httpOnly for JWTCookieSession

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.1.0
    • Fix Version/s: 6.5.0
    • Component/s: OpenAM
    • Labels:
    • Environment:
      IG doing CDSSO with AM
    • Support Ticket IDs:
    • Story Points:
      3

      Description

      For additional security, it would be good to be able to specify in configuration that the authCookie generated by the CrossDomainSingleSignOnFilter and the JWTCookieSession cookie be able to have the secure and/or httpOnly options set.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                markdr Mark de Reeper
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: