Can SiteMinder session cookies be configured to be issued with the Secure flag?

Article ID: 14693

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction



Can SiteMinder session cookies be configured with the Secure flag? If so, how can it be done?

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus

Resolution

Use the UseSecureCookies Agent Configuration Object (ACO) parameter to have the SiteMinder Web Agent create secure cookies, which are sent between a protected web server and the browser only over secure (HTTPS) connections. When the value is set to YES, this parameter adds the Secure flag to SiteMinder session cookies.

When this setting is enabled, users in Single Sign-On environments who move from an SSL web server to a non-SSL web server will have to re-authenticate. Secure cookies cannot be passed over traditional HTTP connections.
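To confirm the setting took effect, inspect the Set-Cookie headers returned by a protected resource. The Python check below is an added example, not part of the original article or the product; the cookie name SMSESSION is an assumption (the article does not name the cookie) and the sample headers are constructed.

```python
# Added example: report session cookies that were issued without the Secure attribute.
# Assumption: the SiteMinder session cookie is named SMSESSION (not stated in the article).

def parse_set_cookie(line):
    """Return (cookie_name, {lowercased_attribute: value}) for one Set-Cookie header line."""
    field, _, rest = line.partition(":")
    if field.strip().lower() != "set-cookie":
        raise ValueError("not a Set-Cookie header: %r" % line)
    parts = [p.strip() for p in rest.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def missing_secure(lines, names=("SMSESSION",)):
    """Return the names of watched cookies whose Set-Cookie line lacks Secure."""
    missing = []
    for line in lines:
        name, attrs = parse_set_cookie(line)
        # Match on the attribute name only: a substring search for "secure"
        # would be fooled by a value such as Path=/secure/.
        if name in names and "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers (not captured from a real system).
SAMPLE_BEFORE = [  # UseSecureCookies not enabled
    "Set-Cookie: SMSESSION=constructed-value-1; Path=/secure/; Domain=.example.test; HttpOnly",
    "Set-Cookie: lang=en; Path=/",
]
SAMPLE_AFTER = [  # UseSecureCookies set to YES
    "Set-Cookie: SMSESSION=constructed-value-2; path=/; domain=.example.test; secure; HttpOnly",
]

if __name__ == "__main__":
    print("before:", missing_secure(SAMPLE_BEFORE))
    print("after: ", missing_secure(SAMPLE_AFTER))
```

Feed it the Set-Cookie lines saved from a response to a protected URL; an empty result means every watched cookie carried the Secure flag.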

Additional Information

More information: Set Secure Cookies