How to force users to use HTTPS ENTM UI without disabling the HTTP connector in CA Privileged Identity Manager.

Article ID: 31393


Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Introduction:

How to force users to use HTTPS ENTM UI without disabling the HTTP connector in CA Privileged Identity Manager.

 

Instructions: 

 

  • Stop JBOSS
  • Edit <JBOSS_INSTALLED_DIRECTORY>\server\default\deploy\jboss-web.deployer\server.xml and make sure the HTTP Connector's redirect port (the redirectPort attribute) is the HTTPS port. In the example below, the HTTP port is 18080 and the HTTPS port is 18443.

        <Connector URIEncoding="UTF-8" acceptCount="150" address="${jboss.bind.address}" connectionTimeout="20000" disableUploadTimeout="true" emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="250" port="18080" protocol="HTTP/1.1" redirectPort="18443"/>

  • Edit <JBOSS_INSTALLED_DIRECTORY>\server\default\deploy\IdentityMinder.ear\user_console.war\WEB-INF\web.xml and add the security constraint below at the end of the file (before the </web-app> tag):

 

        <security-constraint>
            <web-resource-collection>
                <web-resource-name>PIM</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>

 

        [Figure: image clip of the web.xml file before (before.PNG) and after (After.PNG) adding the security constraint; see the attached image files.]

  • Delete the tmp and work directories from the JBOSS installed directory:

        <JBOSS_INSTALLED_DIRECTORY>\server\default\tmp
        <JBOSS_INSTALLED_DIRECTORY>\server\default\work

  • Restart the JBOSS service.

 

Now, when a user accesses the HTTP ENTM UI (login page), the request is automatically redirected to the HTTPS ENTM UI. This way, users are forced to use the HTTPS page without disabling the HTTP connector in server.xml.
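One way to check both edits before restarting JBOSS, as an added example that is not part of the original article or the product: the script parses server.xml and web.xml content and reports an HTTP connector whose redirectPort is not an HTTPS connector port, and whether a security constraint covering /* demands CONFIDENTIAL transport. The sample XML is constructed; identifying the HTTPS connector by scheme="https" and the AJP connector on port 8009 are assumptions.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop any XML namespace prefix so a namespaced web.xml matches too."""
    return tag.rsplit("}", 1)[-1]

def check_server_xml(text):
    """List HTTP connectors whose redirectPort is not an HTTPS connector port."""
    conns = [e for e in ET.fromstring(text).iter() if _local(e.tag) == "Connector"]
    # Assumption: the HTTPS connector is the one carrying scheme="https".
    https_ports = {c.get("port") for c in conns
                   if c.get("scheme") == "https" and c.get("port")}
    problems = []
    for c in conns:
        is_http = c.get("protocol", "HTTP/1.1").startswith("HTTP")
        if c.get("scheme") == "https" or not is_http:
            continue  # skip the HTTPS connector itself and AJP connectors
        if c.get("redirectPort") not in https_ports:
            problems.append("HTTP port %s: redirectPort=%s is not an HTTPS port %s"
                            % (c.get("port"), c.get("redirectPort"), sorted(https_ports)))
    return problems

def check_web_xml(text):
    """True if one security-constraint covers /* and demands CONFIDENTIAL."""
    for sc in ET.fromstring(text).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        values = lambda name: {(e.text or "").strip() for e in sc.iter() if _local(e.tag) == name}
        if "/*" in values("url-pattern") and "CONFIDENTIAL" in values("transport-guarantee"):
            return True
    return False

# Constructed samples (not the product's real files); ports follow the article.
SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="18080" protocol="HTTP/1.1" address="${jboss.bind.address}" redirectPort="18443"/>
  <Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="18443"/>
</Service></Server>"""
WEB_XML_BEFORE = '<web-app xmlns="http://java.sun.com/xml/ns/j2ee"><display-name>sample</display-name></web-app>'
WEB_XML_AFTER = WEB_XML_BEFORE.replace("</web-app>", """<security-constraint>
  <web-resource-collection><web-resource-name>PIM</web-resource-name>
    <url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>""")

if __name__ == "__main__":
    print("server.xml problems:", check_server_xml(SERVER_XML) or "none")
    print("web.xml before:", check_web_xml(WEB_XML_BEFORE), "after:", check_web_xml(WEB_XML_AFTER))
```

To check a real installation, pass the text of the two files edited in the steps above to check_server_xml and check_web_xml instead of the constructed samples.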

 

 

Additional Information:

In this document, ENTM refers to Enterprise Management Server.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component:

Attachments

1558695940556000031393_sktwi1f5rjvs16n84.png
1558695938569000031393_sktwi1f5rjvs16n83.png