Autosys AEWS url fails security scan after configuration change
search cancel

Autosys AEWS url fails security scan after configuration change

book

Article ID: 379422

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

After following the below KB article:
HSTS Configuration for Autosys Webserver (broadcom.com)

a security scan still shows the URL and not have the HSTS configured:
Example URL be scanned.
https:///<hostname>.<domainname>.com:9443/AEWS/job/testjob

Environment

Autosys 12.x

Cause

This is default behavior for Tomcat.

Resolution

To validate that the settings in the KB are set:
HSTS Configuration for Autosys Webserver (broadcom.com)

Use a curl command with a valid username and password to acess the AEWS endpoint to see the results:
Example:
curl -v -k -u autosys https://<hostname>.<domainname>.com:9443/AEWS/job/testjob

Powered by Wolken Software