How do I configure HTTPOnly and Secure cookies for DAS in OpenAM 11.x and 12.x?

Last updated Jan 5, 2021

The purpose of this article is to provide information on configuring HTTPOnly and Secure cookies for the Distributed Authentication Service (DAS) in OpenAM 11.x and 12.x.


Archived

This article has been archived and is no longer maintained by ForgeRock.

Configuring HTTPOnly and Secure cookies

You should add the following properties to the DAS configuration file for each DAS instance:

  • HTTPOnly: com.sun.identity.cookie.httponly=true
  • Secure: com.iplanet.am.cookie.secure=true

Caution

If you have enabled HTTPOnly cookies, it is recommended that you also add the following property, because of the way some web containers (like Apache Tomcat™) parse cookies that contain special characters:

com.iplanet.am.cookie.encode=true

The DAS configuration file is located in the $HOME/FAMDistAuth directory and is called *AMDistAuthConfig.properties.
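
To confirm that a DAS instance's file actually carries all three settings, a check like the following can be run against it. This is an added example, not ForgeRock tooling: the function names prop_value and check_das_cookies are hypothetical, and it assumes standard Java properties syntax (# or ! comments, = or : separators, last definition wins).

```shell
#!/bin/sh
# Added example: audit a DAS properties file for the cookie settings above.

# prop_value FILE KEY: print the effective value of KEY (empty if unset).
# Assumes Java properties rules: comment lines are skipped and a later
# definition of the same key overrides an earlier one.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                    # commented-out lines do not count
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # leading whitespace is ignored
            sep = match(line, /[ \t]*[=:][ \t]*/) # first key/value separator
            if (sep == 0) next
            k = substr(line, 1, sep - 1)
            v = substr(line, sep + RLENGTH)
            sub(/[ \t\r]+$/, "", v)               # tolerate trailing blanks and CRLF
            if (k == key) val = v                 # last definition wins
        }
        END { print val }
    ' "$1"
}

# check_das_cookies FILE: report each property; return 0 only if all
# three are set to exactly "true", 1 if any is not, 2 if FILE is unreadable.
check_das_cookies() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for key in com.sun.identity.cookie.httponly \
               com.iplanet.am.cookie.secure \
               com.iplanet.am.cookie.encode; do
        val=$(prop_value "$file" "$key")
        if [ "$val" = "true" ]; then
            echo "OK    $key=true"
        else
            echo "FAIL  $key=${val:-<not set>}"
            rc=1
        fi
    done
    return $rc
}

# When run as a script, the first argument is the path to the DAS file.
if [ "$#" -gt 0 ]; then
    check_das_cookies "$1"
fi
```

Run it once per DAS instance, passing the path to that instance's configuration file in $HOME/FAMDistAuth; a non-zero exit status means at least one of the three properties is missing, commented out or not set to true.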

See Also

Error when HTTPOnly is enabled for DAS in OpenAM 11.x and 12.x

FAQ: Distributed Authentication Service (DAS) in OpenAM

Related Training

N/A

Related Issue Tracker IDs

OPENAM-3740 (HttpOnly and Secure cookie flags not always honored in multiserver deployments)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.