JSESSIONID cookie was issued by the application and does not have the secure flag set
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Policy Server Version: 12.8 SP6a
Policy Server OS: Linux x86_64
WAM UI Version: 12.8 SP6a
WAM UI OS: Linux x86_64
The SiteMinder Admin UI is hosted on a JBoss WildFly application server. The 'secure' and 'HttpOnly' flags for the cookies set by JBoss (e.g. JSESSIONID) are controlled within the following file:
1) Stop the SiteMinder Admin UI.
2) Edit the following file:
3) Locate the 'session-config' element. It will be similar to the following:
4) Add the 'secure' flag to the 'session-config' element.
5) Save the changes.
6) Start the Admin UI.
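To confirm the change after the Admin UI is back up, check the Set-Cookie header that issues JSESSIONID for both flags. The script below is an added example, not part of the original article or the product; the function names and the sample header values are constructed for illustration.

```python
"""Audit Set-Cookie header values for the Secure and HttpOnly attributes."""

REQUIRED = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, lowercased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    # Attribute names are case-insensitive; drop any "=value" part (Path=/, Max-Age=0).
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value, attrs


def missing_flags(header_values, cookie_name="JSESSIONID"):
    """Return {index: [missing flags]} for each Set-Cookie that sets cookie_name."""
    findings = {}
    for i, raw in enumerate(header_values):
        name, _, attrs = parse_set_cookie(raw)
        if name != cookie_name:
            continue
        # Only real attributes count; the word "secure" inside a cookie value does not.
        missing = [flag for flag in REQUIRED if flag not in attrs]
        if missing:
            findings[i] = missing
    return findings


# Constructed sample headers (not captured from a real Admin UI).
SAMPLE_BEFORE = [
    "JSESSIONID=abc123.node1; Path=/; HttpOnly",
    "theme=secure-dark; Path=/",
]
SAMPLE_AFTER = [
    "JSESSIONID=abc123.node1; path=/; secure; HttpOnly",
]

if __name__ == "__main__":
    for label, headers in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, missing_flags(headers) or "JSESSIONID flags OK")
```

Pass in the Set-Cookie values taken from a response of the Admin UI over HTTPS; an empty result means JSESSIONID carries both flags.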