Issue:
We are setting up CA Access Gateway in an existing CA SSO
infrastructure.
For security reasons we need to bind the Tomcat HTTP/S and AJP to a
specific address instead of having it listen on all interfaces.
For this purpose we've set the parameter local.host inside the file
server.conf to a local IP address (also tried with a hostname), but this
throws an exception on startup and the proxy engine does not come up
until I set the parameter back to its original value, which is
local.host=*. The errors in the log files are:

nohup.log:
  ProxyServer initialization failed.
  Config File: '/opt/ca/secure-proxy/proxy-engine/conf/server.conf')

server.log:
  [19/Apr/2018:14:40:31-499] [ERROR] - ProxyServer initialization failed.
  [19/Apr/2018:14:40:31-499] [ERROR] - Config File: '/opt/ca/secure-proxy/proxy-engine/conf/server.conf')

proxyui.log:
  2018-Apr-19 14:36:47,585 - ERROR - com.ca.sps.adminui.listener.SPSConfigLoadServlet - Unable to Initialize Proxy UI Configuration
  java.lang.NumberFormatException: null
      at java.lang.Integer.parseInt(Integer.java:542) ~[?:1.8.0_162]
      at java.lang.Integer.valueOf(Integer.java:766) ~[?:1.8.0_162]
      at com.ca.sps.adminui.dao.groupconfiguration.GroupConfigurationDAO.loadCurrentProxyServerInfo(Unknown Source) ~[classes/:?]
      at com.ca.sps.adminui.dao.groupconfiguration.GroupConfigurationDAO.getInstance(Unknown Source) ~[classes/:?]
      at com.ca.sps.adminui.listener.SPSConfigLoadServlet.init(Unknown Source) [classes/:?]
      at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1269) [catalina.jar:7.0.82]
      at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182) [catalina.jar:7.0.82]
      at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072) [catalina.jar:7.0.82]
      at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5362) [catalina.jar:7.0.82]
      at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660) [catalina.jar:7.0.82]
      at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) [catalina.jar:7.0.82]
      at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1700) [catalina.jar:7.0.82]
      at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1690) [catalina.jar:7.0.82]
      at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_162]
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_162]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_162]
      at java.lang.Thread.run(Thread.java:748) [?:1.8.0_162]

How can we configure this properly?
Resolution:
At the moment, the functionality to modify the ports and addresses for
the ProxyUI isn't documented, and an enhancement to implement it is
not yet planned.
Raise this as an Idea in the CA Single Sign-On Communities to request
that this capability be implemented out of the box.
1. Go to the CA Security Overview Page :
2. Click on the "Actions" drop-down menu and select "Create an
idea."
3. Give your idea a title and detailed description to encourage
voting.
4. Publish and vote on your idea!
Related content:
RFE - Restricting access to the SPS ProxyUI Admin Console
https://communities.ca.com/ideas/235717668
KB: KB000099443