Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager
11g Release 1 (11.1.1)

Part Number E14308-08

9 Enabling Secure Cookies

By default, Oracle Identity Manager can be accessed over HTTP but does not work over Secure Sockets Layer (SSL), because the cookie-secure flag is disabled by default. The cookie-secure flag tells the Web browser to send the cookie back only over an HTTPS connection, which ensures that the cookie is transmitted only on a secure channel. HTTPS must be enabled for the URL exposed by the application.

To enable Oracle Identity Manager to work over SSL, you must enable the cookie-secure flag. To do so:

  1. Add the <cookie-secure>true</cookie-secure> tag inside the <session-descriptor> element in each of the following files in the Oracle Identity Manager deployment:

    • OIM_HOME/apps/oim.ear/admin.war/WEB-INF/weblogic.xml

    • OIM_HOME/apps/oim.ear/iam-consoles-faces.war/WEB-INF/weblogic.xml

    • OIM_HOME/apps/oim.ear/xlWebApp.war/WEB-INF/weblogic.xml

  2. Create a new weblogic.xml file for the Nexaweb application if one does not exist in its WEB-INF/ directory.

  3. Add the following session descriptor to it:

    <?xml version='1.0' encoding='UTF-8'?>
    <weblogic-web-app
      xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0   http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
     
      <session-descriptor>
        <persistent-store-type>replicated_if_clustered</persistent-store-type>
        <cookie-http-only>false</cookie-http-only>
        <cookie-name>oimjsessionid</cookie-name>
        <cookie-secure>true</cookie-secure>
        <url-rewriting-enabled>false</url-rewriting-enabled>
      </session-descriptor>
     
    </weblogic-web-app>
    
  4. Save weblogic.xml.

  5. Restart the Oracle Identity Manager Managed Servers.
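
A check for step 1, written as an added example (not part of the Oracle guide or product): it parses each of the three weblogic.xml files listed above and reports whether <cookie-secure>true</cookie-secure> is actually a child of <session-descriptor>. The function name, the sample documents and passing OIM_HOME as the first argument are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET

# The three descriptors from step 1, relative to OIM_HOME.
DESCRIPTORS = [
    "apps/oim.ear/admin.war/WEB-INF/weblogic.xml",
    "apps/oim.ear/iam-consoles-faces.war/WEB-INF/weblogic.xml",
    "apps/oim.ear/xlWebApp.war/WEB-INF/weblogic.xml",
]

# Constructed samples (not taken from a real deployment).
NS = 'xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0"'
SAMPLE_OK = f"<weblogic-web-app {NS}><session-descriptor><cookie-secure>true</cookie-secure></session-descriptor></weblogic-web-app>"
SAMPLE_MISPLACED = f"<weblogic-web-app {NS}><session-descriptor/><cookie-secure>true</cookie-secure></weblogic-web-app>"
SAMPLE_FALSE = SAMPLE_OK.replace(">true<", ">false<")

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def check_cookie_secure(xml_data):
    """Return 'ok' or the reason the descriptor fails the step 1 requirement."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return f"not well-formed XML: {exc}"
    sessions = [e for e in root.iter() if _local(e.tag) == "session-descriptor"]
    # Only direct children count: the tag must sit inside <session-descriptor>.
    flags = [c for s in sessions for c in s if _local(c.tag) == "cookie-secure"]
    if not flags:
        return "<cookie-secure> missing from <session-descriptor>"
    if any((f.text or "").strip() != "true" for f in flags):
        return "<cookie-secure> is not true"
    return "ok"

if __name__ == "__main__":
    oim_home = sys.argv[1]  # assumption: OIM_HOME is given as the first argument
    failed = False
    for rel in DESCRIPTORS:
        path = f"{oim_home}/{rel}"
        try:
            with open(path, "rb") as fh:
                result = check_cookie_secure(fh.read())
        except OSError as exc:
            result = f"unreadable: {exc.strerror}"
        print(f"{path}: {result}")
        failed |= result != "ok"
    sys.exit(1 if failed else 0)
```

The script exits non-zero if any descriptor fails, so it can be run before the restart in step 5. The Nexaweb descriptor is not in the list because the guide does not give its path.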