Disable HTTP Port 9099

NOTE:
This must be done after Security Provider has been fully installed. The changes in this section must be reverted, to add or remove the master admin account by running the setup scripts.
Perform the following steps to disable the HTTP port 9099 of Security Provider to allow access only to the server via HTTPS port 9043:
  1. Stop the Security Provider service.
  2. Go to
    C:\<FTASecurity Installation Directory>\FTASecurity\standalone\configuration
    directory and make a backup copy of the
    standalone.xml
    file.
  3. Edit the
    standalone.xml
    file as follows:
    1. Search for the line that starts with "https-listener". Change the value of the “enable-http2” property from "true" to "false": Before
      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
      After
      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="false"/>
    2. Add the filter reference in the host tag:
      <filter-ref name="httpAccess"/>
      <filter-ref name="hsts-header"/>
    3. Add the filter expression in the filters tag:
      <expression-filter name="httpAccess" expression="path-prefix('/') and not equals(%p, 9043) -> response-code(403)"/>
      <response-header name="hsts-header" header-name="Strict-Transport-Security" header-value="max-age=31536000;"/>
      Disable HTTP Port
      Disable HTTP Port (Continued)
  4. Save and close the
    standalone.xml
    file.
  5. Go to the
    C:\<Installation_directory>\FTASecurity\modules\system\layers\keycloak\org\keycloak\keycloak-server-subsystem\main\server-war\WEB-INF\
    folder and open the
    web.xml
    file in text editor.
  6. Add the following syntax just before the ‘web-app’ line:
    <session-config>
    <cookie-config>
    <http-only>true</http-only>
    <secure>true</secure>
    </cookie-config>
    </session-config>
    web.xml File
    NOTE:
    If user wants to enable HTTP port 9099 for Security Provider, comment the following syntax in
    web.xml
    file:
    <secure>true</secure>
    NOTE:
  7. Save and close the
    web.xml
    file.
  8. Start the Security Provider service.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.