Oracle Access Manager 11g R2PS2 (OAM 188.8.131.52) OAM_REQ and OAM_ID Cookies Secure Flags Are Not Set
(Doc ID 2140715.1)
Last updated on APRIL 05, 2021
Applies to: Oracle Access Manager - Version 184.108.40.206.1 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.
Followed the Oracle Access Manager 11g R2PS2 (OAM 220.127.116.11) docs, yet the Secure flag is not set on the OAM_REQ and OAM_ID cookies.
Oracle® Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service 11g Release 1 (11.1.1), Part Number E15478-06, 12 Managing Policy Components
About ssoCookie Challenge Parameters for Encrypted Cookies ...
Table 16-23 Challenge Parameters for 10g/11g Encrypted Cookies
11g /10g Webgate Challenge Parameter Syntax for Encrypted Cookies Description
ssoCookie = Parameter that controls flags for the SSO cookie OAMAuthnCookie.
miscCookies = Parameter that controls flags for all other Access Manager encrypted cookies.
Secure - Ensures that the encrypted cookie is sent only when the resource is accessed through HTTPS. A secure cookie is required only when a browser is visiting a server using HTTPS.
Steps to reproduce the issue:
1. Open a new browser session and call the following URL:
2. Login page is displayed...
address bar shows ... https://<OAM_HOSTNAME>/oam/server/obrareq.cgi ...
3. Enter username/password <USER_ID>/<PASSWORD>
4. The requested resource is displayed.
5. In Chrome Developer Tools, under Resources > Cookies, the OAM_ID, OAM_REQ_0, and OAM_REQ_COUNT cookies are shown without the Secure flag set.
SSL is terminated at the load balancer (LB).
hostname.domain is the VIP. Request flow: <OAM_HOSTNAME> ---> OHS ---> WebLogic server
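
The check in step 5 can be scripted against captured Set-Cookie response headers. The following is an added example, not part of the Oracle note: the function names are hypothetical, the sample headers are constructed, and mapping OAM_ID and OAM_REQ_* to miscCookies is an assumption based on the table's "all other Access Manager encrypted cookies" wording.

```python
# Added example: audit Set-Cookie headers for the cookies named in this note.
OAM_COOKIE_PREFIXES = ("OAMAuthnCookie", "OAM_ID", "OAM_REQ")

# Constructed sample headers (values are placeholders, not real cookie data).
SAMPLE_HEADERS = [
    "OAM_ID=VALUE_A; path=/; HttpOnly",
    "OAM_REQ_0=VALUE_B; path=/; HttpOnly",
    "OAM_REQ_COUNT=secure; path=/",           # "secure" here is the value, not the flag
    "OAMAuthnCookie=VALUE_D; path=/; Secure; HttpOnly",
    "JSESSIONID=VALUE_E; path=/app; Secure",  # not an OAM cookie, ignored
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def controlling_parameter(name):
    """Map a cookie to the challenge parameter from Table 16-23 (assumed mapping)."""
    return "ssoCookie" if name.startswith("OAMAuthnCookie") else "miscCookies"


def audit(headers):
    """Return one finding per OAM cookie: name, Secure present?, parameter to review."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name.startswith(OAM_COOKIE_PREFIXES):
            findings.append({
                "cookie": name,
                "secure": "secure" in attrs,
                "parameter": controlling_parameter(name),
            })
    return findings


def missing_secure(headers):
    """Names of OAM cookies issued without the Secure attribute."""
    return [f["cookie"] for f in audit(headers) if not f["secure"]]


if __name__ == "__main__":
    for f in audit(SAMPLE_HEADERS):
        status = "Secure" if f["secure"] else "NOT Secure"
        print(f'{f["cookie"]}: {status} (review {f["parameter"]})')
```

Because SSL is terminated at the LB, run the audit on headers captured at the VIP, which is what the browser actually receives.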