Keep communications secure by using encryption, properly configured cookies, and request and response signatures.
- Protect network traffic by using HTTPS and LDAPS where possible.
- When using HTTPS, use secure cookies.
- Where possible, use subdomain cookies, and control subdomains in a specific DNS master.
- Use cookie hijacking protection with restricted tokens, where each policy agent uses different SSO tokens for the same user. See "To Protect Against CDSSO Cookie Hijacking" for instructions.
- When using SAML 2.0:
  - Sign authentication requests, authentication responses, and single logout requests.
  - If the other entities in your circle of trust can handle encryption, then use encryption as well.
  - Use your own key, not the testkey provided with OpenAM.


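As an added audit helper (not part of the OpenAM documentation or product), the Python below checks whether a SAML 2.0 AuthnRequest, Response, or LogoutRequest carries an enveloped XML signature and reports the SHA-256 fingerprint of the embedded signing certificate, so it can be compared against the fingerprint of the testkey certificate from your own OpenAM keystore. The fingerprint set and the sample messages are constructed placeholders; the helper checks that a signature is present, not that it cryptographically verifies.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Placeholder: put the SHA-256 fingerprint(s) of the testkey certificate from
# your OpenAM keystore here so messages signed with it are flagged.
TEST_KEY_FINGERPRINTS = {"<sha256-of-openam-testkey-cert>"}


def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 over the DER bytes of a base64 (possibly line-wrapped) X509Certificate."""
    der = base64.b64decode("".join(b64_der.split()))
    return hashlib.sha256(der).hexdigest()


def audit_saml_message(xml_text: str) -> dict:
    """Report whether a SAML 2.0 protocol message is signed and which certificate signed it."""
    root = ET.fromstring(xml_text)
    kind = root.tag.split("}")[-1]
    if kind not in {"AuthnRequest", "Response", "LogoutRequest"}:
        raise ValueError(f"not a SAML 2.0 protocol message: {kind}")
    # A signature over the whole message is an enveloped ds:Signature directly under the root.
    sig = root.find("ds:Signature", NS)
    report = {"type": kind, "signed": sig is not None, "fingerprint": None, "test_key": False}
    cert = sig.find(".//ds:X509Certificate", NS) if sig is not None else None
    if cert is not None and cert.text:
        report["fingerprint"] = cert_fingerprint(cert.text)
        report["test_key"] = report["fingerprint"] in TEST_KEY_FINGERPRINTS
    return report


# Constructed sample messages; the "certificate" is placeholder bytes, not real DER.
CONSTRUCTED_CERT_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SIGNED_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" ID="_c0nstructed1"
    Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <ds:Signature xmlns:ds="{NS['ds']}">
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CONSTRUCTED_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</samlp:AuthnRequest>"""
UNSIGNED_LOGOUT = f"""<samlp:LogoutRequest xmlns:samlp="{NS['samlp']}" ID="_c0nstructed2"
    Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>"""

if __name__ == "__main__":
    for msg in (SIGNED_REQUEST, UNSIGNED_LOGOUT):
        print(audit_saml_message(msg))
```

An unsigned LogoutRequest or Response in a captured exchange, or a fingerprint that matches the testkey, is the finding to act on.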