Hello Team, Can someone let me know how to set the saml_request_path cookie as HttpOnly and Secure in AEM? Our website was given for a web scan, and this is the response that we got in the web scan report.
Attack Request:
POST /saml_login HTTP/1.1
Host: <myhost>
Connection: keep-alive
Content-Length: 10825
Cache-Control: max-age=0
Origin: <>
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
...
..
etc
&
Attack Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://<myapp>.html
Server: XYZ
Set-Cookie: login-token=abcde%3acrx.default; Path=/; HttpOnly; Secure
Set-Cookie: saml_request_path="";Version=1;Path=/;Expires=Tue, 17-Jul-2018 11:08:09 GMT;Max-Age=1
X-Content-Type-Options: nosniff
Make sure your sslfilter is configured correctly if you are using ssl termination in the dispatcher or load balancer.
See AEM redirecting user back to http if accessed through SSL terminated Load Balancer for details.
We experienced the same issue. When the sslfilter is set correctly, the cookie becomes secure as well.
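A quick way to re-check the scanner's finding once the SSL filter has been fixed, as an added example that is not from this thread or from AEM itself: this Python parses the two Set-Cookie headers quoted in the report above (embedded here as constructed sample input) and lists which of HttpOnly and Secure each cookie lacks.

```python
"""Audit Set-Cookie headers for the HttpOnly and Secure flags."""
from typing import Dict, List, Tuple

# Constructed sample: the two Set-Cookie headers from the scan report above.
# The second one carries an empty value and Max-Age=1, i.e. the server is
# clearing the cookie, but it still lacks both flags, which is what the scanner reported.
SCAN_RESPONSE_HEADERS = [
    "Set-Cookie: login-token=abcde%3acrx.default; Path=/; HttpOnly; Secure",
    'Set-Cookie: saml_request_path="";Version=1;Path=/;'
    "Expires=Tue, 17-Jul-2018 11:08:09 GMT;Max-Age=1",
]

REQUIRED_FLAGS = ("HttpOnly", "Secure")


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie value into (name, value, attributes).

    Attributes are keyed in lowercase; bare flags such as HttpOnly and Secure
    map to the empty string. The split is on ';' and never on ',' because the
    Expires date itself contains a comma.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip().strip('"'), attrs


def audit_cookies(headers: List[str]) -> Dict[str, List[str]]:
    """Return {cookie_name: [missing flags]} for every Set-Cookie header.

    Header lines that are not Set-Cookie are ignored, so the whole response
    header block can be passed in as captured.
    """
    findings: Dict[str, List[str]] = {}
    for line in headers:
        header_name, _, header_value = line.partition(":")
        if header_name.strip().lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(header_value.strip())
        findings[name] = [f for f in REQUIRED_FLAGS if f.lower() not in attrs]
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SCAN_RESPONSE_HEADERS).items():
        print(f"{cookie}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

An empty list means the cookie already carries both flags; run the same check against the live response headers after changing the SSL filter configuration.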
Do I need to mention your site should be on https?