Idea Details

Enhance the CA Single Sign On WebSphere Application Server Agent to allow HTTPONLY cookies

Last activity 12-17-2016 09:10 AM
JoshPerlmutter's profile image
08-01-2016 07:09 AM

In a recent install i found two cookies being set. i opened a case and found the reason is that the ASA does not support HTTPONLY cookies. for a security product not to allow a security setting is shocking. my company mandates use of httponly flag for security. please enhance the WebSphere ASA R12.0 line and later to allow for httponly flag setting


Comments

10-21-2016 04:43 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team is reviewing your enhancement suggestion. The Community will continue to be able to vote on this enhancement idea.