Cannot Bind to specifc local Address

Document ID : KB000099443
Last Modified Date : 06/06/2018
Show Technical Document Details
Issue:
We are setting up CA Access Gateway into an existing CA SSO
infrastructure.  

For security reason we need to bind the Tomcat HTTP/S and AJP to a
specific address instead of having it listening on all interfaces. 

For this purpose we've set the parameter local.host inside the file
server.conf to a local IP address (tried also with hostname) but this
throws an exception on startup and the proxy engine does not come-up
until I set back the parameter to its original value that is
local.host=*.  The errors in the logs file are:

nohup.log 

ProxyServer initialization failed. 
Config File: '/opt/ca/secure-proxy/proxy-engine/conf/server.conf') 

server.log 

[19/Apr/2018:14:40:31-499] [ERROR] - ProxyServer initialization failed. 
[19/Apr/2018:14:40:31-499] [ERROR] - Config File: '/opt/ca/secure-proxy/proxy-engine/conf/server.conf') 

proxyui.log 

2018-Apr-19 14:36:47,585 - ERROR - com.ca.sps.adminui.listener.SPSConfigLoadServlet - Unable to Initialize Proxy UI Configuration 
java.lang.NumberFormatException: null 
at java.lang.Integer.parseInt(Integer.java:542) ~[?:1.8.0_162] 
at java.lang.Integer.valueOf(Integer.java:766) ~[?:1.8.0_162] 
at com.ca.sps.adminui.dao.groupconfiguration.GroupConfigurationDAO.loadCurrentProxyServerInfo(Unknown Source) ~[classes/:?] 
at com.ca.sps.adminui.dao.groupconfiguration.GroupConfigurationDAO.getInstance(Unknown Source) ~[classes/:?] 
at com.ca.sps.adminui.listener.SPSConfigLoadServlet.init(Unknown Source) [classes/:?] 
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1269) [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1182) [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1072) [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5362) [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5660) [catalina.jar:7.0.82] 
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) [catalina.jar:7.0.82] 
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1700) [catalina.jar:7.0.82] 
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1690) [catalina.jar:7.0.82] 
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_162] 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_162] 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_162] 
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_162] 

How can we configure this properly ?
Resolution:
At the moment, the functionality to modify the ports and addresses for
the ProxyUI isn't documented and an idea to get it implemented is
still not planned.

Raise this Idea in the CA Single Sign-On Communities to get this
possibility implemented out of the box.

  1. Go to the CA Security Overview Page :
     https://communities.ca.com/community/ca-security/ca-single-sign-on
  2. Click on the "Actions" drop-down menu and select "Create an
     idea."
  3. Give your idea a title and detailed description to encourage
     voting.
  4. Publish and vote on your idea!

Please find below link to related content 

  RFE - Restricting access to the SPS ProxyUI Admin Console 
  https://communities.ca.com/ideas/235717668