HTTP only (HTTPOnly) cookie in SiteMinder Web Agent howto
search cancel

HTTP only (HTTPOnly) cookie in SiteMinder Web Agent howto

book

Article ID: 54313

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

Agent Configuration Object (ACO) parameter "UseHTTPOnlyCookies" will help to create an http-only cookie for SiteMinder Web Agent (1).

 

Resolution

 

A new Agent Configuration Object (ACO) parameter "UseHTTPOnlyCookies" is introduced in 6QMR5 HF06 to create HTTP only cookies in SiteMinder Web Agent. This parameter will add an HTTPOnly flag to all SiteMinder cookies if the value is set to YES. The cookies in which the HTTP-Only attribute would be added are as follows:

  SMSESSION Cookie 
  SMIDENTITY Cookie 
  SMUSRMSG Cookie 
  SMTEXT Cookie 
  SMTRYNO Cookie 
  SMSAVECRED/SMDATA Cookie 
  SMCHALLENGE Cookie 
  SMDOMINODATA Cookie 
  SMONDENIEDREDIR Cookie 
  SMSAVEDSESSION Cookies 
  NTLMCRED Cookie 
  SSLCRED Cookie 
  FORMCRED Cookie

 

Additional Information

 

(1)

    List of Agent Configuration Parameters
    

Powered by Wolken Software