OIM JSessionID HttpOnly and Secure Cookie Flags not set
(Doc ID 2200542.1)
Last updated on JANUARY 07, 2020
Applies to:Identity Manager - Version 188.8.131.52.9 to 184.108.40.206.0 [Release 11g]
Information in this document applies to any platform.
With Oracle Identity Manager (OIM) 11g R2 PS1, the following documentation to enable Secure Sockets Layer (SSL) and secure cookies exists:
Enabling Secure Cookies in Oracle Identity Manager 11g for SSL Mode <Document 1270084.1>
In addition, the R2 PS1 System Administration Guide also has the steps in Chapter 31:
Do note the values for all three of the following in the example values for the session descriptor elements:
<cookie-secure> : true
<cookie-http-only> : false
<url-rewriting-enabled> : false
Both of the above docs point to three weblogic.xml files, out of which, only two are found two in an OIM 11G R2 PS1 env.
The following is not present: <OIM_HOME>/apps/oim.ear/admin.war/WEB-INF/weblogic.xml
Are there additional steps needed to implement secure cookies and SSL completely?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document