XUI does not enable Secure cookie flags for SSO tracking cookie on 13.5.0

[ogis-miyamura]

Title

XUI does not enable Secure cookie flags for SSO tracking cookie on 13.5.0

Description

On 13.5.0 the iPlanetDirectoryPro (SSO) cookie is not set to Secure even when this is enabled. The same exact setting worked on 13.0.0.

# curl -k https://openam.example.com:8443/openam/json/serverinfo/* 
{"domains":[".example.com"],"protectedUserAttributes":[],"cookieName":"iPlanetDirectoryPro","secureCookie":true,"forgotPassword":"false","forgotUsername":"false","kbaEnabled":"false","selfRegistration":"false","lang":"en-US","successfulUserRegistrationDestination":"default","socialImplementations":[],"referralsEnabled":"false","zeroPageLogin":{"enabled":false,"refererWhitelist":[],"allowedWithoutReferer":true},"realm":"/","xuiUserSessionValidationEnabled":true}

Steps to reproduce

• Setting Change

  1. Access OpenAM login as adminstrator.
  2. Configure > Server Defaults > Security.
  3. On the Cookie tab, select Secure Cookie, and then click Save Changes.

• Testcase

  1. Clear all browser cookies
  2. Access OpenAM in XUI and login
  3. Check the iPlanetDirectoryPro cookie attributes.

Expected Results

The SSO cookie (iPlanetDirectoryPro) have the secure attribute (using XUI).
This worked in 13.0.0

Actual Results

The SSO cookie does not have the secure attribute (using XUI).

Reference

• [OPENAM-9515] XUI does not enable Secure cookie flags for SSO tracking cookie on 13.5.0