Idea Details


Last activity 09-04-2018 07:16 AM
TheQuietMan's profile image
08-09-2016 03:50 PM

Is there a way to protect the Identity Management Console (i.e. /IDMMANAGE)? Even though the console is not frequently used or needed, in  a large deployment, the possibility of increases and the environment get larger.

I am asking for the 12.9 PIM identity management console.

Even simple authentication or a way to limit access to this console when it is enabled would be mitigate exposure.

If the "System Manager" account can be used (or limited to even a role or short list of accounts) it would help.


But right now, no authentication or no security other shutting it down is a concern. As stated, even a short period of time can help mitigate.


09-21-2016 06:56 AM

That path does not exist in PIM 12.9 SP1. The web.xml is under jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\management_console.war\WEB-INF

But that XML block you refer to above does not exist.


It appears it may require some customization using separate authentication mechanism native to JBOSS.

08-23-2016 05:42 AM

Can you check this file  : iam_im.ear\management_console.war\WEB-INF\web.xml


and look for this item  :











It's an option bound to a checkbox during setup, if wrongly checked or unchecked it leads the console to be available without authentication. Change this setting and restart your jboss/wildfly you should have authentication activated.