search cancel

How to set http only (HTTPOnly) cookie in SiteMinder web agent?

book

Article ID: 54313

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Agent Configuration Object (ACO) parameter "UseHTTPOnlyCookies" will help to create a http only cookie for SiteMinder web agent.

Solution:

A new Agent Configuration Object (ACO) parameter "UseHTTPOnlyCookies" is introduced in 6QMR5 HF06 to create http only cookies in SiteMinder web agent. This parameter will add HTTPOnly flag to all SiteMinder cookies if the value is set to YES. The cookies in which the HTTP-Only attribute would be added are as follows:

  SMSESSION Cookie 
  SMIDENTITY Cookie 
  SMUSRMSG Cookie 
  SMTEXT Cookie 
  SMTRYNO Cookie 
  SMSAVECRED/SMDATA Cookie 
  SMCHALLENGE Cookie 
  SMDOMINODATA Cookie 
  SMONDENIEDREDIR Cookie 
  SMSAVEDSESSION Cookies 
  NTLMCRED Cookie 
  SSLCRED Cookie 
  FORMCRED Cookie

Environment

Release:
Component: SMAPC