IBM Security Verify

Shape the future of IBM Security Verify

We invite you to shape the future of IBM, including the product roadmap, by submitting ideas that matter to you the most.

Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Submit a private idea

If you have confidential information or customer data to share with your idea, then - DO NOT submit using the link below, instead - please open a private feature request.

And finally - if its an issue with expected behaviour, a product defect or a support need, open a Support Case

Use Open Id Connect Without Session Cookie

Our Cyber and security architecture teams have identified a security issue when using session cookies during user authentication with Open ID Connect as the sign-on method. We are requesting an enhancement to IBM SV custom applications, when Open Id Connect as the sign-on method (grant type authorization code or device flow, etc.) is used, we have the option to not have a session cookie returned to the user’s browser.

  • Guest
  • Nov 18 2021
  • Not under consideration

Related ideas

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.