Federation Manager Release NotesKnown IssuesFederation Manager UI Issues › SSL UI Connection Allows Non-SSL Access to the UI (87262)

Previous Topic: Federation Manager UI Issues

Next Topic: Federation Manager UI Permits only ASCII Characters (97031, 97033, 97034, 96471, 96473, 98181)

SSL UI Connection Allows Non-SSL Access to the UI (87262)

Symptom:

If you enable SSL for the connection to the Federation Manager UI, the UI is still accessible over a non-SSL (HTTP) connection, potentially exposing an administrator's credentials.

Solution:

Enable the UI SSL port then disable the UI HTTP port.

To enable SSL for the UI

  1. Run the Configuration Wizard, supplying values or accepting the defaults for the Admin UI HTTP Port and the Admin UI SSL Port settings.

    Note: You can skip this step if these ports were already defined when you first installed and configured Federation Manager.

  2. Log in to the Federation Manager UI.
  3. Select Infrastructure, SSL Configuration.

    The SSL Configuration dialog displays.

  4. Click Activate in the Administrative UI SSL Configuration box.

    By clicking this button, SSL is enabled to protect the UI.

  5. Exit the UI.

To disable the HTTP UI Port

  1. Navigate to federation_mgr_home\secure-proxy\proxy-engine\conf.
  2. Open the server.conf file.
  3. Comment out the setting local.http.port=port_number by adding a pound sign (#) in front of the setting.
  4. Save the server.conf file.
  5. Restart the Federation Manager services according to your operating environment.