on 08-18-2020 10:36 PM
Hi,
How do I apply the "secure" attribute to session cookies to ensure that they are sent via HTTPS only in an ABAP system?
Based on my research, I think login/ticket_only_by_https should be set to 1.
Please confirm and correct me if I am wrong. Thanks.
Thanks for the prompt response.
I compared the value of login/ticket_only_by_https parameter with another system which doesn't have the vulnerability and the value seems to be the default 0.
I went ahead and compared the SAML config and found a difference in the Authentication response value
(SAML -> Trusted providers -> Authentication Requirement -> Authentication response). The system which has the vulnerability is set to default, and the one which doesn't is set to "ACS - application URL and binding- HTTP POST".
Before making the parameter value, I wanted to ask if Authentication response is causing the issue?
Thanks.
Hello,
Yes, you are correct.
You can use RZ11 and read the information about the parameter for information.
Warren also provided you with a KBA and a SAP Help page for additional documentation.
Extra documentation is available here.
Regards,
Cris
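Added example, not part of the thread: one way to check whether the cookies in a captured HTTP response carry the Secure attribute, for instance before and after a configuration change. The cookie names, values and header text below are constructed sample data and are assumptions, not output from any system discussed here.

```python
# Added example: audit Set-Cookie headers for the Secure (and HttpOnly) attribute.
# All sample headers below are constructed for illustration.
from dataclasses import dataclass

@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool

def parse_set_cookie(header_value: str) -> CookieFinding:
    """Split one Set-Cookie value into its name and attribute flags."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only attribute *names* after the first ';' count, so a cookie value or
    # a Path that merely contains the word "secure" is not a false positive.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieFinding(name, "secure" in attrs, "httponly" in attrs)

def audit_response(raw_headers: str) -> list:
    """Return one finding per Set-Cookie header in a raw header block."""
    findings = []
    for line in raw_headers.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            findings.append(parse_set_cookie(value))
    return findings

def missing_secure(raw_headers: str) -> list:
    """Names of cookies that a browser would also send over plain HTTP."""
    return [f.name for f in audit_response(raw_headers) if not f.secure]

# Constructed sample: response captured before the change.
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: MYSAPSSO2=CONSTRUCTED_TICKET; path=/; domain=.example.com
Set-Cookie: SAP_SESSIONID_ABC_100=CONSTRUCTED_ID; path=/; HttpOnly
"""

# Constructed sample: the same cookies issued with the Secure attribute.
AFTER = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: MYSAPSSO2=CONSTRUCTED_TICKET; path=/; domain=.example.com; secure
Set-Cookie: SAP_SESSIONID_ABC_100=CONSTRUCTED_ID; path=/; secure; HttpOnly
"""

if __name__ == "__main__":
    print("before:", missing_secure(BEFORE))
    print("after: ", missing_secure(AFTER))
```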