OIM JSessionID HttpOnly and Secure Cookie Flags not set
Last updated on NOVEMBER 03, 2016
Applies to:Identity Manager - Version 18.104.22.168.9 and later
Information in this document applies to any platform.
With OIM 11g R2 PS1, the following documentation to enable SSL and secure cookies exists:
Enabling Secure Cookies in Oracle Identity Manager 11g for SSL Mode (Doc ID 1270084.1)
In addition, the R2 PS1 System Administration Guide also has the steps in Chapter 31:
Do note the values for all three of the following in the example values for the session descriptor elements:
<cookie-secure> : true
<cookie-http-only> : false
<url-rewriting-enabled> : false
Both of the above docs point to three weblogic.xml files, out of which, only two are found two in an OIM 11G R2 PS1 env.
The following is not present: OIM_HOME/apps/oim.ear/admin.war/WEB-INF/weblogic.xml
Are there additional steps needed to implement secure cookies and SSL completely?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms