Cannot Bind to specifc local Address

Document ID : KB000099443
Last Modified Date : 06/06/2018
Show Technical Document Details
We are setting up CA Access Gateway into an existing CA SSO

For security reason we need to bind the Tomcat HTTP/S and AJP to a
specific address instead of having it listening on all interfaces. 

For this purpose we've set the parameter inside the file
server.conf to a local IP address (tried also with hostname) but this
throws an exception on startup and the proxy engine does not come-up
until I set back the parameter to its original value that is*.  The errors in the logs file are:


ProxyServer initialization failed. 
Config File: '/opt/ca/secure-proxy/proxy-engine/conf/server.conf') 


[19/Apr/2018:14:40:31-499] [ERROR] - ProxyServer initialization failed. 
[19/Apr/2018:14:40:31-499] [ERROR] - Config File: '/opt/ca/secure-proxy/proxy-engine/conf/server.conf') 


2018-Apr-19 14:36:47,585 - ERROR - - Unable to Initialize Proxy UI Configuration 
java.lang.NumberFormatException: null 
at java.lang.Integer.parseInt( ~[?:1.8.0_162] 
at java.lang.Integer.valueOf( ~[?:1.8.0_162] 
at Source) ~[classes/:?] 
at Source) ~[classes/:?] 
at Source) [classes/:?] 
at org.apache.catalina.core.StandardWrapper.initServlet( [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardWrapper.loadServlet( [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardWrapper.load( [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardContext.loadOnStartup( [catalina.jar:7.0.82] 
at org.apache.catalina.core.StandardContext.startInternal( [catalina.jar:7.0.82] 
at org.apache.catalina.util.LifecycleBase.start( [catalina.jar:7.0.82] 
at org.apache.catalina.core.ContainerBase$ [catalina.jar:7.0.82] 
at org.apache.catalina.core.ContainerBase$ [catalina.jar:7.0.82] 
at [?:1.8.0_162] 
at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_162] 
at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_162] 
at [?:1.8.0_162] 

How can we configure this properly ?
At the moment, the functionality to modify the ports and addresses for
the ProxyUI isn't documented and an idea to get it implemented is
still not planned.

Raise this Idea in the CA Single Sign-On Communities to get this
possibility implemented out of the box.

  1. Go to the CA Security Overview Page :
  2. Click on the "Actions" drop-down menu and select "Create an
  3. Give your idea a title and detailed description to encourage
  4. Publish and vote on your idea!

Please find below link to related content 

  RFE - Restricting access to the SPS ProxyUI Admin Console