Disable HTTP Port 9099

NOTE:
This must be done after Security Provider has been fully installed. To add or remove the master admin account by running the setup scripts, the changes in this section must first be reverted.
Perform the following steps to disable HTTP port 9099 of Security Provider so that the server can be accessed only via HTTPS port 9043:
  1. Stop the Security Provider service.
  2. Go to /opt/rockwell/fta-security/standalone/configuration directory and make a backup copy of the standalone.xml file.
  3. Open the standalone.xml file in a text editor and edit as follows:
    1. Search for the line that starts with "https-listener". Change the value of the "enable-http2" property from "true" to "false":
      Before
      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
      After
      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="false"/>
    2. Add the following filter references inside the host tag:
      <filter-ref name="httpAccess"/>
      <filter-ref name="hsts-header"/>
    3. Add the following filter definitions inside the filters tag:
      <expression-filter name="httpAccess" expression="path-prefix('/') and not equals(%p, 9043) -> response-code(403)"/>
      <response-header name="hsts-header" header-name="Strict-Transport-Security" header-value="max-age=31536000;"/>
  4. Save and close the standalone.xml file.
  5. Navigate to the <Installation_directory>\FTASecurity\modules\system\layers\keycloak\org\keycloak\keycloak-server-subsystem\main\server-war\WEB-INF\ folder and open the web.xml file in a text editor.
  6. Add the following lines just before the 'web-app' line:
    <session-config>
      <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
      </cookie-config>
    </session-config>
    NOTE:
    To enable HTTP port 9099 for Security Provider, comment out the following line in the web.xml file:
    <secure>true</secure>
  7. Save and close the web.xml file.
  8. Start the Security Provider service.
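
The following check is an added example, not part of the vendor documentation or the product: a Python script that parses the contents of standalone.xml and web.xml and reports any edit from steps 3 and 6 that is missing. The sample fragments, the namespace string, and the default-server/default-host names are constructed for illustration; pass the text of the real files to the two functions.

```python
import xml.etree.ElementTree as ET

def named(root, name):
    # Match on local name so namespaced subsystem/web-app schemas of any version work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_standalone(xml_text):
    """Return findings for step 3; an empty list means all three edits are present."""
    root, out = ET.fromstring(xml_text), []
    listeners = named(root, "https-listener")
    if not listeners or any(l.get("enable-http2") != "false" for l in listeners):
        out.append("https-listener: enable-http2 is not 'false'")
    refs = [{r.get("name") for r in named(h, "filter-ref")} for h in named(root, "host")]
    for want in ("httpAccess", "hsts-header"):
        if not refs or any(want not in r for r in refs):
            out.append("host: missing filter-ref '%s'" % want)
    defs = {e.get("name"): e for f in named(root, "filters") for e in f}
    expr = defs["httpAccess"].get("expression", "") if "httpAccess" in defs else ""
    if "9043" not in expr or "response-code(403)" not in expr:
        out.append("filters: httpAccess does not return 403 off port 9043")
    hsts = defs.get("hsts-header")
    if hsts is None or hsts.get("header-name") != "Strict-Transport-Security":
        out.append("filters: hsts-header does not set Strict-Transport-Security")
    return out

def audit_web_xml(xml_text):
    """Return findings for step 6: the session cookie must be HttpOnly and Secure."""
    root, out = ET.fromstring(xml_text), []
    for flag in ("http-only", "secure"):
        vals = [(e.text or "").strip() for c in named(root, "cookie-config") for e in named(c, flag)]
        if vals != ["true"]:  # a commented-out element is ignored by the parser
            out.append("cookie-config: <%s> is not true" % flag)
    return out

# Constructed fragments (not the product's full files) with the edits applied.
SAMPLE_STANDALONE = """<server><subsystem xmlns="urn:jboss:domain:undertow:example">
 <server name="default-server">
  <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="false"/>
  <host name="default-host"><filter-ref name="httpAccess"/><filter-ref name="hsts-header"/></host>
 </server>
 <filters>
  <expression-filter name="httpAccess" expression="path-prefix('/') and not equals(%p, 9043) -> response-code(403)"/>
  <response-header name="hsts-header" header-name="Strict-Transport-Security" header-value="max-age=31536000;"/>
 </filters></subsystem></server>"""
SAMPLE_WEB = """<web-app><session-config><cookie-config><http-only>true</http-only>
 <secure>true</secure></cookie-config></session-config></web-app>"""

if __name__ == "__main__":
    print(audit_standalone(SAMPLE_STANDALONE) + audit_web_xml(SAMPLE_WEB))
```

An empty list from both functions means the configuration matches the steps above; a finding for <secure> is expected when that line has been commented out to re-enable HTTP port 9099.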