Symantec Privileged Access Management

CA Security Tuesday Tip: Privileged Identity Manager: How to disable HTTP interface to ENTM GUI so that it can only be accessed via HTTPS? 

May 19, 2015 08:11 AM

CA Privileged Identity Manager Tuesday Tip by Leandro Laurenti, Support Engineer for 05/19/2015.

Document ID:  TEC606700
Last Modified Date:  2/26/2014

 

  • Products
    • CA Privileged Identity Manager
    • CA Virtual Privilege Manager
    • CA Workload Automation AE
  • Releases
    • CA Privileged Identity Manager:Release:12.5.5
    • CA Privileged Identity Manager:Release:12.6
    • CA Privileged Identity Manager:Release:12.6 SP1
    • CA Privileged Identity Manager:Release:12.6.01
    • CA Privileged Identity Manager:Release:12.6.02
    • CA Privileged Identity Manager:Release:12.6.03
    • CA Privileged Identity Manager:Release:12.7
    • CA Privileged Identity Manager:Release:12.7.1
    • CA Privileged Identity Manager:Release:12.8
  • Components
    • CA ControlMinder - Unix
    • CA ControlMinder

 

Description:

By default, both HTTP and HTTPS are enabled for access to the JBoss ENTM GUI.

For security reasons, you may want to disable the HTTP interface so that the GUI can only be accessed via HTTPS.

Solution:

To disable the JBoss HTTP interface, do the following:

  • Edit the file server.xml located in the following path
    <Drive/Directory>/jboss-4.2.3.GA/server/default/deploy/jboss-web.deployer/server.xml
  • Locate the HTTP connector definition
    ...
    <Connector
    URIEncoding="UTF-8" acceptCount="150" address="${jboss.bind.address}"
    connectionTimeout="20000" disableUploadTimeout="true"
    emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192"
    maxThreads="250" port="18080" protocol="HTTP/1.1" redirectPort="18443"
    />
    ...
  • Delete the complete Connector element or enclose it in comments
    <!--
    ...
    -->
  • Save the file and restart JBoss
  • Access the ENTM GUI in your Web Browser via HTTPS
    https://fqdn.of.ENTM.box:18443/iam/ac/
  • Verify that access to the ENTM GUI via HTTP is not working
    http://fqdn.of.ENTM.box:18080/iam/ac/

Finally, change the base URL of the ac-env.
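
A configuration check for the connector edit described above, added here as an example (it is not part of the original tip or of the product's tooling): it parses server.xml and returns the ports of active connectors that still serve plain HTTP. The HTTPS connector attributes in the sample are assumed, and the function name is hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample input. The HTTP connector mirrors the one in the tip;
# the HTTPS connector's attributes are an assumption (common JBoss Web form).
HTTP_CONNECTOR = '''<Connector URIEncoding="UTF-8" address="${jboss.bind.address}"
      port="18080" protocol="HTTP/1.1" redirectPort="18443" />'''
TEMPLATE = """<Server><Service name="jboss.web">
    %s
    <Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
      scheme="https" secure="true" sslProtocol="TLS" />
</Service></Server>"""
SAMPLE_BEFORE = TEMPLATE % HTTP_CONNECTOR                     # default state
SAMPLE_AFTER = TEMPLATE % ("<!-- " + HTTP_CONNECTOR + " -->")  # after the edit


def plaintext_http_connectors(server_xml):
    """Return the ports of active Connector elements serving unencrypted HTTP.

    Commented-out connectors are skipped automatically because the default
    ElementTree parser discards XML comments.
    """
    root = ET.fromstring(server_xml)
    ports = []
    for conn in root.iter("Connector"):
        # A connector without a protocol attribute defaults to HTTP/1.1.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" in protocol.lower():
            continue  # AJP connectors are outside the scope of this check
        tls = (conn.get("SSLEnabled", "false").lower() == "true"
               or conn.get("scheme", "http").lower() == "https")
        if not tls:
            ports.append(conn.get("port", "?"))
    return ports


if __name__ == "__main__":
    # Usage: python check_connectors.py /path/to/server.xml
    # Without an argument, the constructed "before" sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_BEFORE
    open_ports = plaintext_http_connectors(xml_text)
    print("plain HTTP connectors on ports:", open_ports or "none")
    sys.exit(1 if open_ports else 0)
```

The non-zero exit code when a plain HTTP connector remains lets the check run after each configuration change or upgrade, since a reinstalled server.xml can restore the default connector.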
