Symantec Access Management


Restrict siteminder AdminUI to Listen on single IP

  • 1.  Restrict siteminder AdminUI to Listen on single IP

    Posted 05-10-2017 05:13 AM

    Hi All,

     

    I installed SiteMinder AdminUI (12.52-sp01-cr02-linux) on Linux, which has 2 IPs (example: 192.168.10.2 and 10.174.10.2).

    Checked on server.

     

    tcp        0      0 0.0.0.0:1080                0.0.0.0:*                   LISTEN      43179/java

    tcp        0      0 10.174.10.2:8443           0.0.0.0:*                   LISTEN      43179/java

     

    If I access AdminUI

     

    http://192.168.10.2:1080/iam/siteminder/adminui      ------> working

    https://192.168.10.2:8443/iam/siteminder/adminui   ---------> Not working

    (FQDN is also not working in both cases http and https.).

     

     

    On the server 8443 is listening on a different IP which I can't access from Citrix.

    From Citrix I can access a port only if it's listening on 192.168.10.2.

    So I need to make the JBoss ports listen on only one IP (need help on this).

     

    Regards,

    Gowtham.



  • 2.  Re: Restrict siteminder AdminUI to Listen on single IP 

    Posted 05-10-2017 07:08 AM


  • 3.  Re: Restrict siteminder AdminUI to Listen on single IP 

    Posted 05-10-2017 09:23 AM

    Hi Ujwal,

     

    Thanks for the quick reply.

    Yes, I tried both of the commands below, but no luck.

     

    nohup sh run.sh -b hostname > nohup.log &

    nohup sh run.sh -b 0.0.0.0 > nohup.log &

     

     

    Regards,

    Gowtham.



  • 4.  Re: Restrict siteminder AdminUI to Listen on single IP 

    Broadcom Employee
    Posted 05-10-2017 10:17 AM

    Gowtham,

     

    As per your description, you have provided the following:

     

    10.174.10.2:8443 --> not working, as your current Citrix policy does not allow you to connect to any other port apart from 192.168.10.2.

     

    Now on your Policy Server the IP is 10.174.10.2 and you are accessing the IP 192.168.10.2.

     

    - Would it be possible for you to route the request you are sending on 192.168.10.2 to 10.174.10.2

    - OR you would need to check with the Citrix Admin and have them allow the 10.174.10.2 port as well.

     

    Thanks,

    Reatesh.



  • 5.  Re: Restrict siteminder AdminUI to Listen on single IP 

    Posted 05-10-2017 10:27 AM

    Hi Reatesh,

     

    Both IPs belong to a single server.

    Now on the server 1080 is listening on all IPs,

    whereas 8443 is listening on only 10.174.10.2 (the IP which I can't access from Citrix).

     

    What I am trying to achieve is to have both ports 1080 and 8443 listen on the same IP.

     

    Regards,

    Gowtham.

     



  • 6.  Re: Restrict siteminder AdminUI to Listen on single IP 

    Broadcom Employee
    Posted 05-10-2017 10:40 AM

    Hello Gowtham.

     

    During the installation of the Admin UI, were you prompted to select an IP / NIC? (As far as I know, you should not be.)

    Can you look at your Admin UI installation log file and check if you see either of the IP addresses?

    Also in the JBoss server.log file, which IP is being used by JBoss for SSL?

     

    You could as well look at the JBoss configuration files such as the server.xml and check which is the redirect port.

     

    Thanks,

    Reatesh.



  • 7.  Re: Restrict siteminder AdminUI to Listen on single IP 
    Best Answer

    Posted 05-10-2017 08:21 PM

    OK, the file you need to modify is:

     

    <Admin UI Install Directory>\server\default\conf\bindingservice.beans\META-INF\bindings-jboss-beans.xml

    Look for httpHost or httpsHost property depending on which you want to configure.

     

    Here is the result from my test:

    Case 1: httpsHost = 10.131.234.158

     

    Case 2: httpsHost = 0.0.0.0

     

     

    Hope this works for you as well.

     

    Cheers,

    Ujwol
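
A way to confirm the result after changing httpHost / httpsHost and restarting JBoss, as an added example that is not part of the thread or of the product: the function below reads `netstat -tln` style output and reports, per Admin UI port, whether it is bound to the intended address, to the wildcard (reachable on every interface), or to some other address. The function name `check_listeners` and the status words are assumptions of this example; the sample lines are the ones posted in the question.

```sh
#!/bin/sh
# Added example: audit which local address each Admin UI port is bound to.
# Usage: netstat -tln | check_listeners <expected-ip> <port> [<port> ...]
# Prints "<port> <status> <bound-address>" per port; returns non-zero if any
# port is not bound to exactly the expected address.

check_listeners() {
    cl_expected=$1
    shift
    awk -v want="$cl_expected" -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) seen[p[i]] = "" }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Split "addr:port" on the last colon so forms like :::8443 also parse.
            k = match($4, /:[0-9]+$/)
            if (!k) next
            addr = substr($4, 1, k - 1); port = substr($4, k + 1)
            if (port in seen)
                seen[port] = seen[port] (seen[port] == "" ? "" : ",") addr
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                addrs = seen[p[i]]
                if (addrs == "")          { status = "NOT_LISTENING"; bad = 1 }
                else if (addrs == want)   { status = "OK" }
                else if (addrs ~ /(^|,)(0\.0\.0\.0|::)(,|$)/) { status = "WILDCARD"; bad = 1 }
                else                      { status = "MISMATCH"; bad = 1 }
                printf "%s %s %s\n", p[i], status, (addrs == "" ? "-" : addrs)
            }
            exit bad
        }'
}

# Sample input: the two netstat lines from the first post in this thread.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:1080                0.0.0.0:*                   LISTEN      43179/java
tcp        0      0 10.174.10.2:8443           0.0.0.0:*                   LISTEN      43179/java'

# Demo run against the sample; "|| true" because findings return non-zero.
printf '%s\n' "$SAMPLE_NETSTAT" | check_listeners 192.168.10.2 1080 8443 || true
```

On the sample this flags 1080 as bound to the wildcard and 8443 as bound to the other interface; once both properties are set to the intended address, every port should report OK.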



  • 8.  Re: Restrict siteminder AdminUI to Listen on single IP

    Posted 05-12-2017 11:14 PM

    Hi Ujwol,

     

    Thank you very much, this helped to solve my issue.

     

    Regards,

    Gowtham.