Removing Opensso Version as X-DSAMEVersion Attribute From the Http Headers (Doc ID 1442144.1)

Last updated on MARCH 08, 2017

In this Document
  Goal
  Solution
  References


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.

Goal

When a user accesses Sun Access Manager 7.x or OpenSSO 8.0 for authentication, OpenSSO adds the "X-DSAMEVersion" attribute to the HTTP headers of the response that is sent back to the user.
Some sites consider this sensitive information, because it reveals the name and version of the security product (Sun AM/OpenSSO in this case) that they are running, and would like the product to stop sending it in the HTTP headers.
An example of this attribute, as captured from the HTTP headers:

"X-DSAMEVersion: Oracle OpenSSO 8.0 Update 2 Patch1 Build 6.1(2010-November-11 07:56)"
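
A check that can be run over captured response headers to confirm whether the attribute described above is still being sent, for example before and after remediation. This is an added example, not Oracle's code: the function name, the assumed value layout (inferred only from the single sample above) and the captured responses are constructed for illustration.

```python
import re

# Header name taken from the page; HTTP header names are case-insensitive.
DISCLOSURE_HEADER = "x-dsameversion"

# Assumed layout, inferred only from the one sample value on the page:
# "<product> <version> [Update N] [PatchN] [Build <build>][(<build time>)]"
VALUE_RE = re.compile(
    r"^(?P<product>.+?)\s+(?P<version>\d+(?:\.\d+)*)"
    r"(?:\s+Update\s*(?P<update>\d+))?"
    r"(?:\s+Patch\s*(?P<patch>\d+))?"
    r"(?:\s+Build\s*(?P<build>[\w.]+))?"
    r"\s*(?:\((?P<built>[^)]*)\))?\s*$"
)

# Constructed captures: one response that leaks the version, one that does not.
SAMPLE_WITH_HEADER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "X-DSAMEVersion: Oracle OpenSSO 8.0 Update 2 Patch1 Build 6.1(2010-November-11 07:56)\r\n"
)
SAMPLE_WITHOUT_HEADER = "HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\n"


def find_version_disclosure(raw_headers):
    """Return what the header block discloses as a dict, or None if the header is absent."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != DISCLOSURE_HEADER:
            continue  # status line, or some other header
        value = value.strip()
        match = VALUE_RE.match(value)
        # Keep only the fields that were present; an unparsed value is still a finding.
        fields = {k: v for k, v in match.groupdict().items() if v} if match else {}
        fields["raw"] = value
        return fields
    return None


if __name__ == "__main__":
    for label, capture in (("with header", SAMPLE_WITH_HEADER),
                           ("without header", SAMPLE_WITHOUT_HEADER)):
        print(label, "->", find_version_disclosure(capture) or "no version disclosed")
```
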

Solution
