Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make it easy for customers to find ssoRequiresSSL flag #7370

Closed
una-tapa opened this issue May 30, 2024 · 2 comments · Fixed by #7393
Closed

Make it easy for customers to find ssoRequiresSSL flag #7370

una-tapa opened this issue May 30, 2024 · 2 comments · Fixed by #7393
Assignees
@dmuelle
Labels
serviceability technical reviewed An SME reviewed and approved the documentation from a technical perspective.
Milestone
24.0.0.6

Comments

@una-tapa
Copy link
Member

una-tapa commented May 30, 2024
edited by dmuelle
Loading

This issue comes from our support team serviceability initiative.

One of the frequently asked questions from customers is "what flag to set to secure the LTPA cookie in Liberty env?"

Although the information can be found in the stackovervlow,
https://stackoverflow.com/questions/49119765/securing-ltpa-token-in-websphere-liberty-profile

Adding <webAppSecurity ssoRequiresSSL="true"/> to the server.xml file should do it.
@dmuelle
Copy link
Member

dmuelle commented May 30, 2024
edited
Loading

We have this documented in OL under Server configuration security hardening: Best practices and network hardening: LTPA best practices. I will links to it to Single sign-on (SSO):LTPA and the LTPA examples on the apSecurity feature page

@dmuelle dmuelle self-assigned this May 30, 2024
@dmuelle dmuelle added this to the 24.0.0.6 milestone May 30, 2024
dmuelle added a commit that referenced this issue May 30, 2024
@dmuelle
add links to LTPA best practices
ac2212d 
#7370
@dmuelle dmuelle mentioned this issue May 30, 2024
Closed
@dmuelle
Copy link
Member

dmuelle commented May 30, 2024

Hi @una-tapa - I added links to our existing LTPA best practices info, which includes the ssoRequiresSSL="true" setting, to the LTPA section of the single sign on page and the LTPA examples on the App Security feature page. WL updates are handled in a separate issue. If any further edits are needed for the Open Liberty docs, just let me know. Thanks!

@dmuelle dmuelle added the technical reviewed An SME reviewed and approved the documentation from a technical perspective. label Jun 11, 2024
@dmuelle dmuelle mentioned this issue Jun 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dmuelle dmuelle

Labels
serviceability technical reviewed An SME reviewed and approved the documentation from a technical perspective.
Projects
None yet
Milestone
24.0.0.6
Development

Successfully merging a pull request may close this issue.

Staging to vNext 24.0.0.6 issues OpenLiberty/docs
2 participants
@una-tapa @dmuelle