CA SiteMinder® Federation Standalone Release Notes › Known Issues › CA SiteMinder® Federation Standalone UI Issues › SSL UI Connection Allows Non-SSL Access to the UI (87262)

SSL UI Connection Allows Non-SSL Access to the UI (87262)

Symptom:

If you enable SSL for the connection to the CA SiteMinder® Federation Standalone UI, the UI is still accessible over a non-SSL (HTTP) connection, potentially exposing an administrator's credentials.

Solution:

Enable the UI SSL port then disable the UI HTTP port.

To enable SSL for the UI

1. Run the Configuration Wizard, supplying values or accepting the defaults for the Admin UI HTTP Port and the Admin UI SSL Port settings.

   Note: You can skip this step if these ports were already defined when you first installed and configured CA SiteMinder® Federation Standalone.

2. Log in to the CA SiteMinder® Federation Standalone UI.
3. Select Infrastructure, SSL Configuration.

   The SSL Configuration dialog displays.

4. Click Activate in the Administrative UI SSL Configuration box.

   By clicking this button, SSL is enabled to protect the UI.

5. Exit the UI.

To disable the HTTP UI Port

1. Navigate to federation_install_dir\secure-proxy\proxy-engine\conf.
2. Open the server.conf file.
3. Comment out the setting local.http.port=port_number by adding a pound sign (#) in front of the setting.
4. Save the server.conf file.
5. Restart the federation services according to your operating environment.
   • Windows

     Use the stop and start shortcuts as follows. If you logged in as a network user and not a local administrator, right-click the shortcut and select Run as administrator.

     1. Start, All Programs, CA, Federation Standalone, Stop services
     2. Start, All Programs, CA, Federation Standalone, Start services
   • UNIX

     a. Open a command window.

     b. Run the following scripts:

     federation_install_dir/fedmanager.sh stop

     federation_install_dir/fedmanager.sh start

     Note: Do not stop and start the services as the root user.