How to force users to use HTTPS ENTM UI without disabling the HTTP connector in CA Privileged Identity Manager.

Document ID : KB000031393
Last Modified Date : 14/02/2018

Introduction:

How to force users to use HTTPS ENTM UI without disabling the HTTP connector in CA Privileged Identity Manager.

 

Instructions: 

 

  • Stop JBOSS
  • Edit <JBOSS_INSTALLED_DIRECTORY>\server\default\deploy\jboss-web.deployer\server.xml and make sure the HTTP Connector's redirect port (the redirectPort attribute) is the HTTPS port. In the example below, the HTTP port is 18080 and the HTTPS port is 18443.

        <Connector URIEncoding="UTF-8" acceptCount="150" address="${jboss.bind.address}" connectionTimeout="20000" disableUploadTimeout="true" emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="250" port="18080" protocol="HTTP/1.1" redirectPort="18443"/>

  • Edit <JBOSS_INSTALLED_DIRECTORY>\server\default\deploy\IdentityMinder.ear\user_console.war\WEB-INF\web.xml and add the security constraint below at the end of the file (before the </web-app> tag):

 

        <security-constraint>
            <web-resource-collection>
                <web-resource-name>PIM</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>

 

        [Image: web.xml file before and after adding the security constraint]

  • Delete the tmp and work directories from the JBOSS installed directory:

      <JBOSS_INSTALLED_DIRECTORY>\server\default\tmp

       <JBOSS_INSTALLED_DIRECTORY>\server\default\work

  • Restart the JBOSS service.

 

Now, when a user accesses the HTTP ENTM UI (login page), the request is automatically redirected to the HTTPS ENTM UI. This way, users are forced to use the HTTPS page without the HTTP connector being disabled in server.xml.
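
The check below is an added example, not part of the original CA document. It parses the two edited files and confirms that every HTTP connector's redirectPort points at an HTTPS connector and that web.xml carries a CONFIDENTIAL constraint on /* for all HTTP methods. The sample XML is constructed, and identifying the HTTPS connector by scheme="https" is an assumption of this example.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    """Elements called `name`, ignoring any XML namespace on the tag."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def forces_https(web_xml):
    """True if a security-constraint covers /* for all HTTP methods with CONFIDENTIAL."""
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        patterns = [(e.text or "").strip() for e in _named(sc, "url-pattern")]
        guarantees = [(e.text or "").strip() for e in _named(sc, "transport-guarantee")]
        # An <http-method> list narrows the constraint to those methods only.
        if "/*" in patterns and "CONFIDENTIAL" in guarantees and not _named(sc, "http-method"):
            return True
    return False

def redirect_problems(server_xml):
    """HTTP connectors whose redirectPort is not the port of an HTTPS connector."""
    connectors = _named(ET.fromstring(server_xml), "Connector")
    # Assumption: the HTTPS connector is the one declared with scheme="https".
    https_ports = {c.get("port") for c in connectors if c.get("scheme") == "https"}
    return [f'{c.get("port")} -> {c.get("redirectPort")}' for c in connectors
            if c.get("scheme") != "https"
            and c.get("protocol", "HTTP/1.1").startswith("HTTP")
            and c.get("redirectPort") not in https_ports]

# Constructed sample inputs (ports taken from the article's example).
SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="18080" protocol="HTTP/1.1" address="${jboss.bind.address}" redirectPort="18443"/>
  <Connector port="18443" protocol="HTTP/1.1" scheme="https" secure="true" SSLEnabled="true"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

WEB_XML_BEFORE = '<web-app xmlns="http://java.sun.com/xml/ns/j2ee"><display-name>sample</display-name></web-app>'
WEB_XML_AFTER = WEB_XML_BEFORE.replace("</web-app>", """
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>PIM</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>""")

if __name__ == "__main__":
    print("redirectPort problems:", redirect_problems(SERVER_XML) or "none")
    print("web.xml before forces HTTPS:", forces_https(WEB_XML_BEFORE))
    print("web.xml after forces HTTPS:", forces_https(WEB_XML_AFTER))
```

To check a real installation, read the two files named in the steps above and pass their contents to the same functions.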

 

 

Additional Information:

In this document ENTM refers to Enterprise Management Server.