Configuring Client-Based Session Security
AM can issue CTS-based sessions, which contain a reference to the real session stored in the CTS store, or client-based sessions, which contain all the information that would be held in the CTS store.
While both types are susceptible to cookie hijacking, client-based sessions are even more vulnerable, since they contain all the information for the session. Therefore, the malicious user could tamper with the session data to their benefit.
When using client-based sessions and client-based authentication sessions, you should configure AM to sign and/or encrypt the JWT containing session information:
AM verifies that the JWT is authentic by validating a signature configured in the Session Service. AM thwarts attackers who might attempt to tamper with the contents of the JWT or its signature, or who might attempt to sign the JWT with an incorrect signature.
Knowledgeable users can easily decode JWTs. Because an AM session or authentication session contains information that might be considered sensitive, encrypting the JWT that contains it protects its contents, ensuring opaqueness.
Encrypting the JWT prevents man-in-the-middle attacks that could log the state of every AM session. Encryption also ensures that end users are unable to access the information in their AM session.
Client-based sessions and client-based authentication sessions share the same encryption and signing configuration.
Important
To ensure that the client-based session cookie size does not surpass the browser supported size, Web Agents and Java Agents do not support both signing and encrypting the session cookie. For more information, see "Client-Based Session Security and Agents".
The following sections provide detailed steps for configuring client-based session and authentication session cookie security:
Configuring the JWT Signature
Configure a JWT signature to prevent malicious tampering of client-based session and authentication session JWTs.
Perform the following steps to configure the JWT signature:
Go to Configure > Global Services > Session > Client-based Sessions.
From the Signing Algorithm Type drop-down menu, select a suitable algorithm for your environment.
The default value is
HS256.Note
Do not sign the JWT if you plan to encrypt it with the Direct AES Encryption algorithm, because the signature will be redundant. To disable JWT signing, perform the following steps:
Go to Configure > Server Defaults > Advanced.
Set the
org.forgerock.openam.session.stateless.signing.allownoneproperty totrue.To configure advanced server properties in the AM Admin UI for all AM instances, go to Configure > Server Defaults > Advanced.
To configure advanced server properties for a particular instance, go to Deployment > Servers > Server Name > Advanced.
If the property you want to add or edit is not already configured, add it with its value, then click on the plus () button.
If the property you want to add or edit is already configured, click on the pencil () button to edit it. When you are finished, click on the tick () button.
Save your changes.
Go to Configure > Global Services > Session > Client-based Sessions.
From the Signing Algorithm Type drop-down list, select
NONE.Save your changes.
Configure a secret relevant to the algorithm you chose:
(Optional) If you specified an HMAC signing algorithm, change the value in the Signing HMAC Shared Secret field if you do not want to use the generated default value.
Save your changes.
(Optional) If you specified the RS256 signing algorithm, or any of the elliptic curve algorithms, configure a suitable secret in the
am.global.services.session.clientbased.signingsecret ID. You can only configure this secret at a global level.For more information about configuring secrets, see "Configuring Secret Stores".
For detailed information about Session Service configuration attributes, see the entries for "Session".
Configuring JWT Encryption
Configure JWT encryption to prevent man-in-the-middle attackers from accessing users' session details, and to prevent end users from examining the content in the JWT.
Perform the following steps to encrypt the JWT:
Go to Global Services > Session > Client-based Sessions.
From the Encryption Algorithm drop-down list, select a suitable algorithm.
(Optional) If you selected the
RSAalgorithm, perform the following steps:Configure a suitable secret in the
am.global.services.session.clientbased.encryptionsecret ID. You can only configure this secret at a global level.For more information about configuring secrets, see "Configuring Secret Stores".
Configure one of the following paddings in the
org.forgerock.openam.session.stateless.rsa.paddingadvanced server property:• RSA1_5. RSA with PKCS#1 v1.5 padding. • RSA-OAEP. RSA with OAEP and SHA-1. • RSA-OAEP-256. RSA with OAEP padding and SHA-256. The default is
RSA-OAEP-256.To configure advanced server properties in the AM Admin UI for all AM instances, go to Configure > Server Defaults > Advanced.
To configure advanced server properties for a particular instance, go to Deployment > Servers > Server Name > Advanced.
If the property you want to add or edit is not already configured, add it with its value, then click on the plus () button.
If the property you want to add or edit is already configured, click on the pencil () button to edit it. When you are finished, click on the tick () button.
Save your changes.
(Optional) If you selected the
AES KeyWrappingorDirect AES Encryptionalgorithms, perform the following steps:If you do not want to use the generated default value, enter a base64-encoded random key in the Encryption Symmetric AES Key field:
For direct encryption with AES-GCM, or for AES-KeyWrap with any content encryption method, the secret must be 128, 192, or 256 bits long.
For direct encryption with AES-CBC-HMAC, the secret must be 256, 384, or 512 bits long.
Save your changes.
For the underlying content encryption method, configure one of the following encryption methods in the
org.forgerock.openam.session.stateless.encryption.methodadvanced server property:• A128CBC-HS256. AES 128-bit in CBC mode with HMAC-SHA-256-128 hash (HS256 truncated to 128 bits) • A192CBC-HS384. AES 192-bit in CBC mode with HMAC-SHA-384-192 hash (HS384 truncated to 192 bits) • A256CBC-HS512. AES 256-bit in CBC mode with HMAC-SHA-512-256 hash (HS512 truncated to 256 bits) • A128GCM. AES 128-bit in GCM mode • A192GCM. AES 192-bit in GCM mode • A256GCM. AES 256-bit in GCM mode The default is
A128CBC-HS256.To configure advanced server properties in the AM Admin UI for all AM instances, go to Configure > Server Defaults > Advanced.
To configure advanced server properties for a particular instance, go to Deployment > Servers > Server Name > Advanced.
If the property you want to add or edit is not already configured, add it with its value, then click on the plus () button.
If the property you want to add or edit is already configured, click on the pencil () button to edit it. When you are finished, click on the tick () button.
Save your changes.
(Optional) To compress the session state, select
Deflate Compressionfrom the Compression Algorithm drop-down list.Warning
When set to
Deflate compression, this option may lead to a possible vulnerability with session state information leakage. Because the session token compression depends on the data in the session, an attacker can vary one part of the session (for example, the username or some other property) and then deduce some secret parts of the session state by examining how the session compresses. You should evaluate this threat depending on your use cases before enabling compression and encryption together.By default, AM rejects compressed session JWTs that expand to a size larger than 32 KiB (32768 bytes). For more information, see "Controlling the Maximum Size of Compressed JWTs".
For detailed information about Session Service configuration attributes, see the entries for "Session".
Client-Based Session Security and Agents
To ensure that the client-based session cookie size does not surpass the browser supported size, Web Agents and Java Agents do not support both signing and encrypting the session cookie. To configure agents with client-based sessions, implement one of the following configurations:
Configure signing and compression:
Enable HS256 signing for the client-based session cookie. For more information, see "Configuring Client-Based Session Security".
Enable compression by navigating to Configure > Global Services > Session > Client-based Sessions and selecting
Deflate Compressionfrom the Compression Algorithm drop-down.
Configure encryption and compression:
Set the
org.forgerock.openam.session.stateless.signing.allownoneadvanced server property totruefor all the instances in the environment.To configure advanced server properties in the AM Admin UI for all AM instances, go to Configure > Server Defaults > Advanced.
To configure advanced server properties for a particular instance, go to Deployment > Servers > Server Name > Advanced.
If the property you want to add or edit is not already configured, add it with its value, then click on the plus () button.
If the property you want to add or edit is already configured, click on the pencil () button to edit it. When you are finished, click on the tick () button.
Save your changes.
Disable signing for the client-based session cookie by navigating to Configure > Global Services > Session > Client-based Sessions and selecting
NONEfrom the Signing Algorithm Type drop-down.Enable Direct AES Encryption. For more information, see "Configuring JWT Encryption".
Enable compression by navigating to Configure > Global Services > Session > Client-based Sessions and selecting
Deflate Compressionfrom the Compression Algorithm drop-down.
Failure to set up client-based sessions correctly may cause unexpected errors when accessing a protected resource, such as blank pages and redirection loops.
Client-based sessions do not support restricted tokens. Therefore, Web Agents and Java Agents configured in a realm configured for client-based sessions are not protected against cookie hijacking. ForgeRock recommends using web or Java agents with CTS-based sessions.