Scribd Logo
Upload

Welcome to Scribd!

  • 2K views

    Enabling Secure Session Cookies On The Oracle

    Uploaded by

    Sridhar Vangapally V
    The document describes how to enable secure session cookies on the Oracle WebLogic Application Server. It involves modifying the weblogic.xml file located in various directories to add code to enable the cookie-secure flag, which ensures session cookies are only sent over HTTPS. The steps are similar for enabling secure cookies in Oracle Identity Manager.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd

    Enabling Secure Session Cookies On The Oracle

    Uploaded by

    Sridhar Vangapally V
    2K views4 pages
    The document describes how to enable secure session cookies on the Oracle WebLogic Application Server. It involves modifying the weblogic.xml file located in various directories to add code to enable the cookie-secure flag, which ensures session cookies are only sent over HTTPS. The steps are similar for enabling secure cookies in Oracle Identity Manager.

    Original Title

    Enabling Secure Session Cookies on the Oracle

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document describes how to enable secure session cookies on the Oracle WebLogic Application Server. It involves modifying the weblogic.xml file located in various directories to add code to enable the cookie-secure flag, which ensures session cookies are only sent over HTTPS. The steps are similar for enabling secure cookies in Oracle Identity Manager.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    2K views4 pages

    Enabling Secure Session Cookies On The Oracle

    Uploaded by

    Sridhar Vangapally V
    The document describes how to enable secure session cookies on the Oracle WebLogic Application Server. It involves modifying the weblogic.xml file located in various directories to add code to enable the cookie-secure flag, which ensures session cookies are only sent over HTTPS. The steps are similar for enabling secure cookies in Oracle Identity Manager.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    You are on page 1of 4
    At a glance
    Powered by AI
    The document discusses enabling secure session cookies on WebLogic Application Server and Oracle Identity Manager by modifying the weblogic.xml configuration files. It also mentions adding configuration to the Nexaweb application's weblogic.xml file.

    You need to modify the weblogic.xml configuration file located in the application directories to add parameters for CookieSecure and URLRewritingEnabled to enable secure session cookies on WebLogic Application Server.

    You need to add the <cookie-secure>true</cookie-secure> tag to the weblogic.xml configuration files for the different applications in the Oracle Identity Manager deployment and restart the managed servers.

    pic.dhe.ibm.com/infocenter/op/v6r2m0/index.jsp?topic= %2Fcom.ibm.swg.ba.cognos.administrators_guide.6.2.0.doc %2Ft_in_enable_and_disable_secure_session_cookies_wls.

    html

    Administer and Deploy > Administrator's Guide 6.2.0 > System Maintenance > SSL for OpenPages GRC Platform environments > SSL configuration for WebLogic Application Server

    Enabling secure session cookies on the Oracle WebLogic Application Server


    To enable or disable secure session cookies in the Oracle WebLogic Application Server, you must modify the weblogic.xml file. The weblogic.xml file is located in the \sosa\WEB-INF and \openpages\WEB-INF directories on all application servers in your environment. A secure session cookie informs the browser to only send the session cookie back over an encrypted HTTP connection. This information ensures that the cookie identifier is secure and is only used with OpenPages when using HTTPS connections. When this feature is enabled, session cookies over an HTTP connection no longer work.

    Procedure
    1. Go to the weblogic.xml file in the \sosa\WEB-INF directory. For example: <OP_HOME>\applications\op-apps\sosa\WEB_INF 2. Back up the weblogic.xml file by copying the file to another location. 3. Open the weblogic.xml file in a text editor. Do one of the following actions:
    o o o o o o o o o

    To enable secure session cookies, you must add the following code. To disable secure session cookies, you must remove the following code.
    <session-param> <param-name>CookieSecure</param-name> <param-value>true</param-value> </session-param> <session-param> <param-name>URLRewritingEnabled</param-name> <param-value>false</param-value>

    </session-param>

    4. Repeat steps 2-3 for the weblogic.xml file in the \openpages\WEB-INF directory. For example, OP_HOME\applications\op-apps\openpages\WEBINF. 5. In a clustered environment, repeat steps 1-4 on all application servers. Parent topic: SSL configuration for WebLogic Application Server

    Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14308-09 Previous Next

    Home Book ContentsIndex Master Contact List Index Us


    PDF Mobi ePub

    9 Enabling Secure Cookies


    By default, Oracle Identity Manager can be accessed over HTTP but does not work over Secure Socket Layer (SSL). This is because the cookie-secure flag is disabled by default. The cookiesecure flag tells the Web browser to only send the cookie back over an HTTPS connection. This ensures that the cookie is transmitted only on a secure channel. HTTPS must be enabled for the URL exposed by the application. To enable Oracle Identity Manager to work over SSL, you must enable the cookie-secure flag. To do so: 1. Add the <cookie-secure>true</cookie-secure> tag inside the <session-descriptor> element to the following files in the Oracle Identity Manager deployment: o OIM_HOME/apps/oim.ear/admin.war/WEB-INF/weblogic.xml o OIM_HOME/apps/oim.ear/iam-consoles-faces.war/WEB-INF/weblogic.xml o OIM_HOME/apps/oim.ear/xlWebApp.war/WEB-INF/weblogic.xml 2. Create a new weblogic.xml file for Nexaweb application if it does not exist in its WEBINF/ directory. 3. Add the following session descriptor in it:
    4. <?xml version='1.0' encoding='UTF-8'?> 5. <weblogic-web-app 6. xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0" 7. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 8. xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-webapp/1.0 http://xmlns.oracle.com/weblogic/weblogic-webapp/1.0/weblogic-web-app.xsd"> 9. 10. <session-descriptor> 11. <persistent-store-type>replicated_if_clustered</persistent-storetype> 12. <cookie-http-only>false</cookie-http-only> 13. <cookie-name>oimjsessionid</cookie-name> 14. <cookie-secure>true</cookie-secure> 15. <url-rewriting-enabled>false</url-rewriting-enabled> 16. </session-descriptor> 17. 18. </weblogic-web-app>

    19. Save weblogic.xml. 20. Restart the Oracle Identity Manager Managed Servers.

    You might also like