Protect Access Manager Admin Console When Installed on the Same Machine as the Identity Server

Sometimes, for various reasons, it is required or desired to install Access Manager with the Admin Console and the Identity Server sharing the same physical (or virtual) machine. The Identity Server has to be reachable by its clients, and when the services Access Manager provides must be available (read: open) to the Internet, the problem arises of securing the Admin Console so that it is not reachable from the greater Internet even though it listens on the same host.



Novell's official position is that the supported way to secure the Admin Console in the above scenario is to separate it from the Identity Server. However, sometimes this is not possible, so the solution below addresses this by restricting the Admin Console context to a set of trusted source addresses at the Tomcat level.



Edit /var/opt/novell/tomcat5/conf/server.xml (remember to make a copy of it first).



Look for the end of the <Host> block.



Before the last line (aka before </Host>), insert the following:



    <Context path="/nps">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="xxx.yyy.zzz.www" />
    </Context>



The syntax for the allow directive (a deny directive is also available, and both may be combined) is a comma separated list of regular expressions in Java (java.util.regex) syntax, which is Perl-like. Each expression is compared against the whole remote IP address of the client, not just a prefix, so escape the dots and anchor the last octet; an unescaped "." matches any character. A client whose address matches a deny pattern, or matches no allow pattern when an allow list is present, receives an HTTP 403. Note also that the valve sees the TCP peer address: if a reverse proxy or load balancer sits in front of the Identity Server, every request arrives from the proxy's address and the filter will either block everyone or let everyone through, so in that layout the restriction must be applied at the proxy or firewall instead. A simple example would be:



allow="192\.168\.10[1-3]\.[0-9]{1,3}"


This would mean: allow 192.168.101.0/24, 192.168.102.0/24 and 192.168.103.0/24, and reject everything else with a 403. The escaped dots and the bounded last octet are deliberate: a pattern such as 192.168.1.* reads naturally as "the 192.168.1.0/24 network", but as a regular expression it also matches 192.168.10.5 or 192.168.100.7, because the trailing ".*" swallows anything after the "1".



The official documentation of the Valve IP based filter (RemoteAddrValve) can be viewed on the Apache Tomcat documentation site. Note that the comma separated list form described above is specific to Tomcat 5.x; Tomcat 7 and later treat the allow and deny attributes as a single regular expression, so on those versions separate alternatives with | rather than commas.

Version history
Revision #:
3 of 3
Last update:
‎2020-01-31 22:09