OpenIdentityPlatform / OpenAM

OpenAM is an open access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.
https://www.openidentityplatform.org/openam

Can't set httpOnly=true for the iPlanetDirectoryPro cookie #193

Closed IvanAndrukh closed 1 year ago

IvanAndrukh commented 5 years ago

Describe the bug: I've tried to turn on httpOnly from the admin panel (com.sun.identity.cookie.httponly=true), but it doesn't help. How can I set httpOnly to 'true'?

Expected behavior: The HttpOnly flag is turned on for the iPlanetDirectoryPro cookie.

Additional context: Here is the screenshot. [image: image_2019_10_10T16_28_26_907Z]

maximthomas commented 4 years ago

Seems there is an issue with XUI, it can't create http only cookie by design, I'll try to figure out how to fix this.

IvanAndrukh commented 4 years ago

Please, notify when you resolve this issue.

akshay141095 commented 4 years ago

Please notify when the issue is resolved

vharseko commented 1 year ago

> XUI, it can't create http only cookie by design

bhargavabada commented 1 month ago

> XUI, it can't create http only cookie by design

Is there any workaround to enable the HttpOnly flag in OpenAM 13.5.2 without disabling XUI?

maximthomas commented 1 month ago

Unfortunately, not yet.

bhargavabada commented 1 month ago

> Unfortunately, not yet.

Thanks for the quick reply.

bhargavabada commented 1 month ago

> Unfortunately, not yet.

Can we set this flag to true for federated module authentication? SAML federation does not require XUI interaction. Is there any enhancement or post-authentication federation module where we can set the HttpOnly flag?

vharseko commented 1 month ago

Use

-Dcom.sun.identity.cookie.httponly=true
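
To confirm whether the setting took effect, the Set-Cookie headers of a login response can be audited for the iPlanetDirectoryPro cookie. The following is an added example, not code from this thread or from the OpenAM project; the header values are constructed, and the function names and verdict strings are hypothetical.

```python
# Added example: audit Set-Cookie headers for the OpenAM session cookie.
COOKIE_NAME = "iPlanetDirectoryPro"  # cookie name taken from the issue title


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_session_cookie(set_cookie_headers, cookie_name=COOKIE_NAME):
    """Return 'httponly', 'missing-httponly' or 'not-set-by-server'."""
    verdict = "not-set-by-server"
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        if "httponly" not in attrs:
            return "missing-httponly"  # one unflagged copy is enough to fail
        verdict = "httponly"
    return verdict


# Constructed sample responses (not captured from a real deployment).
FLAGGED = ["JSESSIONID=constructed; Path=/openam; HttpOnly",
           "iPlanetDirectoryPro=CONSTRUCTED-TOKEN; Path=/; Domain=example.com; HttpOnly"]
UNFLAGGED = ["iPlanetDirectoryPro=CONSTRUCTED-TOKEN; Path=/; Domain=example.com"]
# The cookie never appears in a Set-Cookie header: it was written by page script,
# and a script-written cookie cannot carry HttpOnly.
SCRIPT_SET = ["JSESSIONID=constructed; Path=/openam; HttpOnly"]

if __name__ == "__main__":
    for label, headers in (("flagged", FLAGGED), ("unflagged", UNFLAGGED),
                           ("script-set", SCRIPT_SET)):
        print(label, "->", audit_session_cookie(headers))
```

A `not-set-by-server` verdict while the browser still holds the cookie means the cookie was created client-side, which no server-side HttpOnly setting can change.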