Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager
11g Release 2 (11.1.2)

Part Number E27149-16

30 Enabling Secure Cookies

By default, Oracle Identity Manager can be accessed over HTTP but does not work over Secure Sockets Layer (SSL). This is because the cookie-secure flag is disabled by default. The cookie-secure flag tells the Web browser to send the cookie back only over an HTTPS connection, which ensures that the cookie is transmitted only on a secure channel. HTTPS must be enabled for the URL exposed by the application.

To enable Oracle Identity Manager to work over SSL, you must enable the cookie-secure flag. To do so:

  1. Add the <cookie-secure>true</cookie-secure> tag inside the <session-descriptor> element to the following files in the Oracle Identity Manager deployment:

    • OIM_HOME/apps/oim.ear/admin.war/WEB-INF/weblogic.xml

    • OIM_HOME/apps/oim.ear/iam-consoles-faces.war/WEB-INF/weblogic.xml

    • OIM_HOME/apps/oim.ear/xlWebApp.war/WEB-INF/weblogic.xml

  2. Create a new weblogic.xml file for the Nexaweb application if one does not exist in its WEB-INF/ directory.

  3. Add the following session descriptor to it:

    <?xml version='1.0' encoding='UTF-8'?>

  4. Save weblogic.xml.

  5. Restart the Oracle Identity Manager Managed Servers.
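
A way to check and apply the descriptor change from steps 1 through 3 before the restart, as an added example in Python that is not part of Oracle's documentation. The sample descriptor is constructed, and its namespace URI and timeout-secs entry are assumptions; the three paths are the ones listed in step 1.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Descriptors listed in step 1, relative to OIM_HOME.
DESCRIPTORS = (
    "apps/oim.ear/admin.war/WEB-INF/weblogic.xml",
    "apps/oim.ear/iam-consoles-faces.war/WEB-INF/weblogic.xml",
    "apps/oim.ear/xlWebApp.war/WEB-INF/weblogic.xml",
)

# Constructed sample: the namespace URI and timeout-secs entry are assumptions.
SAMPLE = """<?xml version='1.0' encoding='UTF-8'?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <session-descriptor>
    <timeout-secs>3600</timeout-secs>
  </session-descriptor>
</weblogic-web-app>"""

def _ns(tag):
    """Return the '{uri}' prefix of a qualified tag, or '' when unqualified."""
    return tag[: tag.index("}") + 1] if tag.startswith("{") else ""

def cookie_secure_enabled(xml_text):
    """True only when <session-descriptor> holds <cookie-secure>true</cookie-secure>."""
    root = ET.fromstring(xml_text)
    ns = _ns(root.tag)
    flag = root.find(f"{ns}session-descriptor/{ns}cookie-secure")
    return flag is not None and (flag.text or "").strip().lower() == "true"

def enable_cookie_secure(xml_text):
    """Return the descriptor with the flag set, creating missing elements."""
    root = ET.fromstring(xml_text)
    ns = _ns(root.tag)
    if ns:
        ET.register_namespace("", ns[1:-1])  # serialize without an ns0: prefix
    session = root.find(f"{ns}session-descriptor")
    if session is None:
        session = ET.SubElement(root, f"{ns}session-descriptor")
    flag = session.find(f"{ns}cookie-secure")
    if flag is None:
        flag = ET.SubElement(session, f"{ns}cookie-secure")
    flag.text = "true"  # also overwrites an explicit 'false'
    return ET.tostring(root, encoding="unicode")

def audit(oim_home):
    """Map each descriptor to True/False, or None when the file is missing."""
    result = {}
    for rel in DESCRIPTORS:
        path = Path(oim_home) / rel
        result[rel] = cookie_secure_enabled(path.read_text(encoding="utf-8")) if path.is_file() else None
    return result
```

The string returned by enable_cookie_secure has no XML declaration and loses any comments from the source file, so diff it against the deployed descriptor before replacing it.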