Last updated on JUNE 18, 2016
Applies to:
Oracle Access Manager - Version 11.1.2.1.1 and laterInformation in this document applies to any platform.
Symptoms
Followed Oracle Docs Yet OAM_REQ And OAM_ID Cookies Secure Flag Is Not Set
Oracle Docs:
====================
Oracle® Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service 11g Release 1 11.1.1), Part Number E15478-06, 12 Managing Policy Components
About ssoCookie Challenge Parameters for Encrypted Cookies ...
ssoCookie=Secure
Table 16-23 Challenge Parameters for 10g/11g Encrypted Cookies
11g /10g Webgate Challenge Parameter Syntax for Encrypted Cookies Description
ssoCookie = Parameter that controls flags for the SSO cookie OAMAuthnCookie.
miscCookies = Parameter that controls flags for all other Access Manager encrypted cookies.
Secure - Ensures that the encrypted cookie is sent only when the resource is accessed through HTTPS. A secure cookie is required only when a browser is visiting a server using HTTPS.
ssoCookie=Secure
miscCookies=Secure
Steps to reproduce the issue:
==============================
1. Open a new browser session and call the following URL:
https://hostname.domain/VGPortal/faces/businessServices.jspx
2. Login page is displayed...
address bar shows ... https://hostname.domain/oam/server/obrareq.cgi ...
3. Enter username password admin/pwd
4. Requested resource has been displayed.
5. Using chrome developer tool and resources cookies it shows the
OAM_ID, OAM_REQ_0, and OAM_REQ_COUNT cookies as the secure flag not being set
Additional Information:
SSL is terminated at LB.
hostname.domain is VIp ... request Flow.... hostname.domain ---> OHS---> Weblogic server
Cause
Sign In with your My Oracle Support account |
|
Don't have a My Oracle Support account? Click to get started |
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms