Sometimes, for various reasons, it is required or desirable to install Access Manager with the Admin Console and the Identity Server sharing the same physical (or virtual) machine. Because the Identity Server must be reachable, and if the services provided by Access Manager need to be available (that is, open) to the Internet, the problem arises of securing the Admin Console so that it is not reachable from the wider Internet.
Novell's official position is that the supported way to secure the Admin Console in the above scenario is to run it on a separate machine from the Identity Server. However, sometimes this is not possible, so the solution below addresses that case.
Edit /var/opt/novell/tomcat5/conf/server.xml (remember to make a copy of it first).
Look for the end of the <Host> block.
Before the closing line (that is, before </Host>), insert the following:
<Context path="/nps">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="xxx.yyy.zzz.www" />
</Context>
The allow attribute (a deny attribute is available as well) takes a comma-separated list of regular expressions (Perl regex format) that are matched against the client IP address. A simple example would be:
allow="192.168.10[1-3].[0-9]*"
This would mean: allow 192.168.101.0/24, 192.168.102.0/24 and 192.168.103.0/24.
The Remote Address Filter valve is documented on the official Apache Tomcat documentation site.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
User Comments
restrict_console script
Submitted by pmckeith on 25 June 2009 - 1:08pm.
There is a script referenced with the recent Novell Access Manager 3.1 SSL VPN Soft Appliance Appnote that will also do this for you.