Technical Note: Precautions Against Cookie Hijacking in an Access Manager Deployment

Access Manager Solution: Modification of Profile Attributes

The security issue labeled “Security Issue: Access to User Profile Attributes” in this document concerns the threat of an untrusted application modifying the user's profile attributes. The Access Manager solution to this issue does not change the SSO token: the restricted SSO token ID is identical to the regular SSO token ID. However, only a limited set of Session Service operations accepts restricted SSO token IDs. This limitation enables Access Manager to prevent applications from modifying the user's profile attributes.