Restrict access to CA Identity Manager about.jsp

book

Article ID: 144164

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance

Issue/Introduction

The CA Identity Manager application discloses its version by accessing the about.jsp page from the "About" menu.

While access to the page is only for a logged in user, some sites may choose to restrict the access to the actual release / patch level.

 

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

Resolution

One option would be to utilize SSO (if used) and create a dedicated protected realm for /iam/im/<IME_ALIAS>/ca12/about.jsp
Another option would be to use the sample under Identity Manager admin tools (..\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\Admin) as described in the Readme.txt and utilize the application server itself for additional protection, much the way it is done with logging.jsp