riverj30_77570
Jun 04, 2014

F5/Oracle Access Manager - How to manipulate response to remove "httponly" from ObSSOCookie

Hi All,

 

Is there a way to manipulate the response header for the F5 AccessGate? Currently we have configured Oracle Access Manager on our Staging F5 and are faced with the following issue:

 

We would like to disable "httponly" for the ObSSOCookie.

 

I used the following iRule to test removing "httponly" for other cookies, and it seems to work except for ObSSOCookie, which makes me believe it is because I can't see it in the server response, since it's not being set by the backend server but by the F5 Access Gate.

 

    foreach a_set_cookie_value [HTTP::header values "Set-Cookie"] {
        log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie value: $a_set_cookie_value, \
            updated value [string map -nocase {"; httponly" ""} $a_set_cookie_value]"
        HTTP::header replace Set-Cookie [string map -nocase {"; httponly" ""} [HTTP::header Set-Cookie]]
    }

 

If my thoughts are correct, how can I write an iRule to look at the AccessGate traffic and manipulate the response? Thank you in advance.

 

1 Reply

  • I was able to remove the httponly from the ObSSOCookie, which is set by F5, by looking at the "HTTP_RESPONSE_RELEASE" event... below is my sample iRule

     

    when HTTP_RESPONSE_RELEASE {
        # log all cookies
        set cookieNames [HTTP::cookie names]
        foreach aCookie $cookieNames {
            log local0. "header is: [HTTP::header Set-Cookie]"
        }

        # change httponly on a cookie
        if { [HTTP::header Set-Cookie] contains "ObSSOCookie" } {
            HTTP::header replace Set-Cookie [string map -nocase {"; httponly" ""} [HTTP::header Set-Cookie]]
        }
    }
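
An added example, not part of the original posts: the rule above reads and rewrites the cookie through `[HTTP::header Set-Cookie]`, which operates on one header value, so it depends on where ObSSOCookie sits among the Set-Cookie headers. The variant below walks every Set-Cookie header and changes only the one named ObSSOCookie, leaving HttpOnly in place on all other cookies; the `regsub` pattern and the log message are assumptions of this example.

```tcl
when HTTP_RESPONSE_RELEASE {
    # Collect every Set-Cookie header value before touching any of them.
    set cookies [HTTP::header values "Set-Cookie"]
    if { [llength $cookies] == 0 } { return }

    # Remove all Set-Cookie headers, then re-insert them one by one so that
    # each cookie is handled individually and none is lost or merged.
    HTTP::header remove "Set-Cookie"
    foreach cookie $cookies {
        if { $cookie starts_with "ObSSOCookie=" } {
            # Drop the HttpOnly attribute regardless of case or spacing
            # ("; HttpOnly", ";httponly", ...). Other attributes stay as set.
            if { [regsub -all -nocase {;\s*httponly} $cookie "" stripped] > 0 } {
                # Log the event only, never the cookie value (it is a session token).
                log local0. "HttpOnly removed from ObSSOCookie"
                set cookie $stripped
            }
        }
        HTTP::header insert "Set-Cookie" $cookie
    }
}
```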