OIM JSessionID HttpOnly and Secure Cookie Flags not set (Doc ID 2200542.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Identity Manager - Version 11.1.2.1.9 and later
Information in this document applies to any platform.

Goal

With OIM 11g R2 PS1, the following documentation to enable SSL and secure cookies exists:

Enabling Secure Cookies in Oracle Identity Manager 11g for SSL Mode (Doc ID 1270084.1)

In addition, the R2 PS1 System Administration Guide also has the steps in Chapter 31:
http://docs.oracle.com/cd/E37115_01/admin.1112/e27149/securecookies.htm#OMADM4243

Note the example values that the documentation gives for all three of the following session descriptor elements:
<cookie-secure> : true
<cookie-http-only> : false
<url-rewriting-enabled> : false


Both of the above documents point to three weblogic.xml files, of which only two are found in an OIM 11g R2 PS1 environment:

OIM_HOME/apps/oim.ear/iam-consoles-faces.war/WEB-INF/weblogic.xml
OIM_HOME/apps/oim.ear/xlWebApp.war/WEB-INF/weblogic.xml

The following is not present: OIM_HOME/apps/oim.ear/admin.war/WEB-INF/weblogic.xml

Are there additional steps needed to implement secure cookies and SSL completely?
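
To see what each descriptor currently declares before changing anything, the check below reads the three session-descriptor elements from each weblogic.xml and reports any that are unset, differ from the documented example values listed above, or belong to a file that is absent. It is an added example, not Oracle's code or the solution to this note; the sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Example values quoted on this page from the Oracle documentation.
DOCUMENTED = {"cookie-secure": "true", "cookie-http-only": "false",
              "url-rewriting-enabled": "false"}

def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def session_flags(xml_text):
    """Return {element: value or None} for the three session-descriptor elements."""
    root = ET.fromstring(xml_text)
    found = dict.fromkeys(DOCUMENTED)
    for node in root.iter():
        if _local(node.tag) == "session-descriptor":
            for child in node:
                name = _local(child.tag)
                if name in found:
                    found[name] = (child.text or "").strip().lower()
    return found

def audit(descriptors, expected=DOCUMENTED):
    """descriptors maps a path to its XML text, or to None if the file is absent."""
    findings = []
    for path, xml_text in descriptors.items():
        if xml_text is None:
            findings.append((path, "file", "absent"))
            continue
        for name, value in session_flags(xml_text).items():
            if value is None:
                findings.append((path, name, "not set"))
            elif value != expected[name]:
                findings.append((path, name, value))
    return findings

# Constructed sample descriptors (not taken from a real OIM install).
SAMPLE = {
    "iam-consoles-faces.war/WEB-INF/weblogic.xml": """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <session-descriptor><cookie-secure>true</cookie-secure>
  <url-rewriting-enabled>false</url-rewriting-enabled></session-descriptor></weblogic-web-app>""",
    "xlWebApp.war/WEB-INF/weblogic.xml": """<weblogic-web-app>
  <session-descriptor><cookie-secure>false</cookie-secure><cookie-http-only>false</cookie-http-only>
  <url-rewriting-enabled>false</url-rewriting-enabled></session-descriptor></weblogic-web-app>""",
    "admin.war/WEB-INF/weblogic.xml": None,
}

if __name__ == "__main__":
    for path, item, state in audit(SAMPLE):
        print(f"{path}: {item} -> {state}")
```

Pass a different `expected` mapping to compare against your own policy instead of the documented example values.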
 

Solution
