How to disable HTTP interface to ENTM GUI so that it can only be accessed via HTTPS?

book

Article ID: 19289

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent

Issue/Introduction

Description:

By default HTTP and HTTPS are both enabled to access the JBoss ENTM GUI.

For security reasons it might be desired to disable the HTTP interface only allowing access via HTTPS.

Solution:

In order to disable the JBOSS HTTP interface do the following

  • Ddit the file server.xml located in the following path
    <Drive/Directory>/jboss-4.2.3.GA/server/default/deploy/jboss-web.deployer/server.xml
  • Locate the HTTP connector definition
    ...
    <Connector
    URIEncoding="UTF-8" acceptCount="150" address="${jboss.bind.address}"
    connectionTimeout="20000" disableUploadTimeout="true"
    emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192"
    maxThreads="250" port="18080" protocol="HTTP/1.1" redirectPort="18443"
    />
    ...
  • Delete the complete clause or put it in between comments
    <!--
    ...
    -->
  • Save the file and restart JBoss
  • Access the ENTM GUI in your Web Browser via HTTPS
    https://fqdn.of.ENTM.box:18443/iam/ac/
  • Verify that access to the ENTM GUI via HTTP is not working
    http://fqdn.of.ENTM.box:18080/iam/ac/

Finally change the base url of the ac-env

  • Open the ENTM Management Console
    https://fqdn.of.ENTM.box:18443/idmmanage
  • Click on Environments and then on ac-env.
    Locate the "Base URL" field. and update this field to reflect the new URL on port 18443, e.g
    https://fqdn.of.ENTM.box:18443/iam
  • Click on Save and Restart the environment.

Environment

Release: ACP1M005900-12.6-Privileged Identity Manager
Component: