Idea Details

modify assertion consumer URL

Last activity 12-17-2016 09:28 AM
Chandra1's profile image
11-19-2015 02:59 PM

Hi,

 

We are looking to change assertion consumer URL through modifying through below steps.

 

 

1.    JBoss_context_root

As the JBoss application is delivered as a war rather than an ear there are a couple of ways to change the context root, but having looked at what’s delivered from CA, the cleanest way to change this is to rename the war before it’s deployed as the name will be taken to be the context root (https://docs.jboss.org/jbossas/guides/webguide/r2/en/html/ch06.html).  Therefore to meet the above target affwebservices.war becomes bnetservices.war

 

2.    JBoss_servlet_mapping

As suggested by CA the was file can be extracted and the web.xml can be amended to contain the following

  <servlet-mapping>

    <servlet-name>LoginProcessor</servlet-name>

    <url-pattern>/LoginProcessor/*</url-pattern>

  </servlet-mapping>

 

3.    JBoss_servlet_name

As suggested by CA the was file can be extracted and the web.xml can be amended to contain the following

  <servlet>

    <servlet-name>LoginProcessor</servlet-name>

    <display-name>SAML 2.0 Assertion Consumer service</display-name>

    <description>This servlet is the SAML 2.0 Assertion Consumer service at an SP.</description>

    <servlet-class>com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer</servlet-class>

  </servlet>

 

4.    Additional changes

I would suggest that it would be good practice to remove all the other servlet mappings that exist within the JBoss configuration of the CA application as although we’re not using the could present a “threat” if someone was able to get to them.

 

Please vote this idea.


Comments

03-04-2016 05:21 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your suggested enhancement. Based on current roadmap priorities and/or the limited amount of community support for this idea, we are not accepting this idea into the product backlog. Therefore, it is being moved to a “Not Planned” status.  

03-04-2016 05:21 AM

Breaching is not possible with the validation considerations for 'affwebservices’  in the code base