Disable HTTP Port 9099
NOTE:
This must be done after Security Provider has been fully installed. The changes in this section must be reverted before running the setup scripts to add or remove the master admin account.
Perform the following steps to disable HTTP port 9099 of Security Provider so that the server can be accessed only via HTTPS port 9043:
- Stop the Security Provider service.
- Go to the C:\<FTASecurity Installation Directory>\FTASecurity\standalone\configuration directory and make a backup copy of the standalone.xml file.
- Edit the standalone.xml file as follows:
  - Search for the line that starts with "https-listener". Change the value of the "enable-http2" property from "true" to "false":
    Before
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
    After
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="false"/>
  - Add the filter references in the host tag:
        <filter-ref name="httpAccess"/>
        <filter-ref name="hsts-header"/>
  - Add the filter expressions in the filters tag:
        <expression-filter name="httpAccess" expression="path-prefix('/') and not equals(%p, 9043) -> response-code(403)"/>
        <response-header name="hsts-header" header-name="Strict-Transport-Security" header-value="max-age=31536000;"/>
- Save and close the standalone.xml file.
- Go to the C:\<Installation_directory>\FTASecurity\modules\system\layers\keycloak\org\keycloak\keycloak-server-subsystem\main\server-war\WEB-INF\ folder and open the web.xml file in a text editor.
- Add the following syntax just before the 'web-app' line:
        <session-config>
          <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
          </cookie-config>
        </session-config>
  NOTE: If the user wants to enable HTTP port 9099 for Security Provider, comment out the following syntax in the web.xml file:
        <secure>true</secure>
- Save and close the web.xml file.
- Start the Security Provider service.
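A way to check that every edit from the steps above is actually present before the service is started, as an added example that is not part of the vendor documentation. The function names and the sample XML are constructed for illustration; on a real system, pass in the text of standalone.xml and web.xml.

```python
import xml.etree.ElementTree as ET

def _find(root, tag, **attrs):
    """Elements with this local tag name (namespace ignored) and these attributes."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag
            and all(e.get(k) == v for k, v in attrs.items())]

def audit_standalone(xml_text):
    """Return the hardening steps that are missing from standalone.xml content."""
    root, missing = ET.fromstring(xml_text), []
    if not _find(root, "https-listener", **{"enable-http2": "false"}):
        missing.append("https-listener: enable-http2 is not false")
    refs = {r.get("name") for h in _find(root, "host") for r in _find(h, "filter-ref")}
    missing += [f"host: no filter-ref {n}" for n in ("httpAccess", "hsts-header") if n not in refs]
    rules = [e.get("expression", "") for e in _find(root, "expression-filter", name="httpAccess")]
    if not any("9043" in r and "response-code(403)" in r for r in rules):
        missing.append("filters: httpAccess 403 rule for non-9043 ports not found")
    if not _find(root, "response-header", **{"name": "hsts-header",
                                             "header-name": "Strict-Transport-Security"}):
        missing.append("filters: hsts-header response-header not found")
    return missing

def audit_web_xml(xml_text):
    """Return cookie flags not set to true; a commented-out element counts as unset."""
    root = ET.fromstring(xml_text)
    return [f"cookie-config: <{flag}> is not true" for flag in ("http-only", "secure")
            if "true" not in [(e.text or "").strip() for c in _find(root, "cookie-config")
                              for e in _find(c, flag)]]

# Constructed sample input (not the product's real files): the host filter-refs
# were added but the filters section was forgotten, and <secure> is commented out.
SAMPLE_STANDALONE = """<server xmlns="urn:example:constructed">
  <https-listener name="https" socket-binding="https"
                  security-realm="ApplicationRealm" enable-http2="false"/>
  <host name="default-host">
    <filter-ref name="httpAccess"/><filter-ref name="hsts-header"/>
  </host>
  <filters/>
</server>"""
SAMPLE_WEB_XML = """<web-app><session-config><cookie-config>
  <http-only>true</http-only><!-- <secure>true</secure> -->
</cookie-config></session-config></web-app>"""

if __name__ == "__main__":
    for finding in audit_standalone(SAMPLE_STANDALONE) + audit_web_xml(SAMPLE_WEB_XML):
        print("MISSING", finding)
```

An empty list from both functions means all of the page's edits are in place; the constructed samples deliberately leave two steps incomplete so the findings are visible.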