
Protect IDMMANAGE

Last activity 09-04-2018 07:16 AM
08-09-2016 03:50 PM

Is there a way to protect the Identity Management Console (i.e. /IDMMANAGE)? Even though the console is not frequently used or needed, in a large deployment, the possibility of increases and the environment gets larger.

I am asking for the 12.9 PIM identity management console.

Even simple authentication or a way to limit access to this console when it is enabled would mitigate exposure.

If the "System Manager" account can be used (or limited to even a role or short list of accounts) it would help.

 

But right now, no authentication or no security other than shutting it down is a concern. As stated, even a short period of time can help mitigate.


Comments

09-21-2016 06:56 AM

That path does not exist in PIM 12.9 SP1. The web.xml is under jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\management_console.war\WEB-INF

But that XML block you refer to above does not exist.

 

It appears it may require some customization using a separate authentication mechanism native to JBOSS.

08-23-2016 05:42 AM

Can you check this file: iam_im.ear\management_console.war\WEB-INF\web.xml

and look for this item:

    <filter>
        <filter-name>ManagementConsoleAuthFilter</filter-name>
        <filter-class>com.netegrity.ims.manage.filter.ManagementConsoleAuthFilter</filter-class>
        <init-param>
            <param-name>Enable</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

 

It's an option bound to a checkbox during setup; if wrongly checked or unchecked, it leads the console to be available without authentication. Change this setting and restart your jboss/wildfly, and you should have authentication activated.

 

Regards
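
The web.xml check discussed in both comments, as an added example that is not part of the thread and not the product's own code: it reports whether the ManagementConsoleAuthFilter block is missing (the 12.9 SP1 case described above), disabled, declared but never mapped, or enabled. It assumes that Enable=true means authentication is on; the sample document, including its url-pattern, is constructed.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "ManagementConsoleAuthFilter"  # name taken from the web.xml block in the thread

def _local(tag):
    """Strip an XML namespace so the check works with or without xmlns on <web-app>."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    """Text of the first direct child called `name`, or None if there is none."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_console_filter(web_xml_text):
    """Return 'missing', 'disabled', 'unmapped' or 'enabled' for the auth filter."""
    root = ET.fromstring(web_xml_text)
    declared = enabled = mapped = False
    for elem in root.iter():
        if _child_text(elem, "filter-name") != FILTER_NAME:
            continue
        kind = _local(elem.tag)
        if kind == "filter":
            declared = True
            for param in elem:
                if _local(param.tag) == "init-param" and _child_text(param, "param-name") == "Enable":
                    # Assumption: Enable=true means the console asks for authentication.
                    enabled = (_child_text(param, "param-value") or "").lower() == "true"
        elif kind == "filter-mapping":
            mapped = True  # servlet spec: a filter only runs if a mapping references it
    if not declared:
        return "missing"
    if not enabled:
        return "disabled"
    return "enabled" if mapped else "unmapped"

# Constructed sample, not a real product file: the thread's block plus a hypothetical mapping.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <filter>
    <filter-name>ManagementConsoleAuthFilter</filter-name>
    <filter-class>com.netegrity.ims.manage.filter.ManagementConsoleAuthFilter</filter-class>
    <init-param><param-name>Enable</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>ManagementConsoleAuthFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    print(audit_console_filter(SAMPLE))
```

Run it against the deployed management_console.war\WEB-INF\web.xml after every install or upgrade; any result other than "enabled" means the console should be treated as reachable without authentication.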