DX Infrastructure Management

Expand all | Collapse all

admin console in UMP - blocked content

Jump to Best Answer
  • 1.  admin console in UMP - blocked content

    Posted 28 days ago
    hi, i've added admin console as a portlet to UMP following https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/administering/working-with-admin-console/log-in-to-admin-console/. however i think all the browsers all blocking iframes - tried chrome, FF, IE.

    1. is this documentation still valid? if so, how to display the admin console as a portlet in UMP? = what to enable in the supported browsers (ie. chrome)?
    2. if the docops is not valid anymore, can you please suggest any workaround?

    thank you,s.


  • 2.  RE: admin console in UMP - blocked content

    Posted 27 days ago
    Seems some Security Settings on your Browser.

    If you try locally to open at the Primary Hub Server with the URL: http://localhost/adminconsoleapp
    If opens without use the Portlet?

    ------------------------------
    Senior Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: admin console in UMP - blocked content

    Posted 27 days ago
    Edited by Savage 27 days ago
    This is not a browser issue but a really should be a defect but no one has acknowledged the issue.

    Inside adminconsole they use proper content-security html flags and inside UMP they do not which than any new up-to-date browser will ad-here to the content-security and start blocking some parts of its functionality.  For anyone inside Broadcom i go over this inside Case #1230901 .


    As a Example we did the following which fix's the issue : 

    /opt/nimsoft/probes/service/wasp/webapps/cabi/includes/header.jsp This is due to inside : /opt/nimsoft/probes/service/wasp/webapps/cabi/jsp/index.jsp on line 28 reference a relative include : <%@include file='../includes/header.jsp'%>

    So Inside header.jsp it should be the following you should edit the content-security-policy for your needs this is a example and not exactly what we use as i locked it down to very specific domains :

    <%
    String url = request.getRequestURL().toString().replaceAll(request.getRequestURI(),"");

    //Create timestamp to prevent CSS caching
    long ts=System.currentTimeMillis();
    %>

    <!doctype html>
    <html lang="en">
    <head>
    <%
    // Content-Security-Policy
    // Summary: Content Security Policy informs the client about the sources from which the application expects to load
    // resources
    // Info: https://www.owasp.org/index.php/Content_Security_Policy
    response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");

    %>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="description" content="A front-end template that helps you build fast, modern mobile web apps.">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0">
    <title id="portletTitle"></title>

    <script src="../js/jquery-2.1.0.js"></script>
    <script src="../js/jquery-ui.js"></script>
    <script src="../js/visualize.js"></script>

    <link rel="shortcut icon" href="<%= url %>/ump-theme/images/favicon.ico">
    <link rel="stylesheet" type="text/css" href="../css/style.css?v=<%=ts%>">
    <link rel="stylesheet" type="text/css" href="../css/jquery-ui.css">
    <link rel="stylesheet" type="text/css" href="../css/overrides.css?v=<%=ts%>">
    <link href="https://fonts.googleapis.com/css?family=Noto+Sans" rel="stylesheet">
    </head>


    The key part of the edit is this section which i added if your running the ump under https you will not have issues than : 

    <%
    // Content-Security-Policy
    // Summary: Content Security Policy informs the client about the sources from which the application expects to load
    // resources
    // Info: https://www.owasp.org/index.php/Content_Security_Policy
    response.setHeader("Content-Security-Policy", "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:;");

    %>


  • 4.  RE: admin console in UMP - blocked content
    Best Answer

    Posted 27 days ago
    Hi 

    https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en/release-notes/ca-unified-infrastructure-management-9-2-0#CAUnifiedInfrastructureManagement9.2.0-AdminConsolePortletFailstoAppearinUMP


  • 5.  RE: admin console in UMP - blocked content

    Posted 27 days ago
    its working, based on your suggestion @franklin. thank you very much! s.


  • 6.  RE: admin console in UMP - blocked content

    Posted 27 days ago
    Glad to see they finally got what we where talking about . To bad there was never a response in our ticket or follow up regarding this we put in about the whole issue.