14.9 Controlling Agent Web Services

The default configuration for agent web services depends on the security setting of the Primary Server and is stored in the auth-filter-settings.json file. The file is available in the following location:

Linux: /opt/microfocus/zenworks/share/tomcat/conf/auth-filter-settings.json

Windows: %ZENSERVER_HOME%\services\zenserver\conf\auth-filter-settings.json

Security of the web services is controlled through the 'requireAuth' and 'allowLegacy' servlet filter parameters.

When security is ON, requireAuth is set to true and allowLegacy is set to false. This means that every request coming to the server must have an authorization header, and the server accepts the request only if the header is valid. This is represented in the JSON file as shown below and is applicable for all the agent web services.

{
     "location":"/",
     "requireAuth":"true",
     "allowLegacy":"false"
}

An exception for any individual web service has to be defined as an override, as shown below.

{
     "location":"zenworks-downloads",
     "requireAuth":"false"
}

Here, for "zenworks-downloads", the agent does not have to send the authorization header. The complete JSON file will be as shown below:

{
   "securityConfigs":[
      {
         "location":"/",
         "requireAuth":"true",
         "allowLegacy":"false"
      },
      {
         "location":"zenworks-downloads",
         "requireAuth":"false"
      }
   ]
}

When security is OFF, requireAuth is true, but allowLegacy is also true. This means that a request that comes with the auth header is accepted by the server only if the header is valid, and a request without a header is also accepted by the server because allowLegacy is true. This is represented in the JSON file as shown below and is applicable for all the agent web services.

{
   "location":"/",
   "requireAuth":"true",
   "allowLegacy":"true"
}

An exception for any individual web service has to be defined as an override, as shown below.

{
   "location":"zenworks-assignmentservice",
   "requireAuth":"true",
   "allowLegacy":"false"
}

This means that the server will never accept a "zenworks-assignmentservice" request without a valid header. For the services where older agents were already sending the auth header, the root setting is overridden as shown above. As a result, in a zone where security is OFF, a 2020 Update 2 or later agent is completely secured because it always sends the auth header for all the services. For agents older than 2020 Update 2, security is partially achieved because the auth header was already being sent for some of the services.

To get the default JSON file, go to the following location:

Linux: /opt/microfocus/zenworks/share/tomcat/conf/auth-filter-settings.json

Windows: %ZENSERVER_HOME%\services\zenserver\conf\auth-filter-settings.json

Based on your security requirements, you can modify the JSON file as explained above. It is recommended that you take a backup of the JSON file before making any changes.
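
One way to review an edited file before putting it in place, as an added example that is not part of the product documentation: this Python script reports, for each location, whether a request with no authorization header would be accepted. It assumes that a key omitted from an override takes its value from the "/" entry, which this page does not state; the sample JSON and the function names are constructed for the example.

```python
import json

# Constructed sample mirroring the "security OFF" layout described above.
SAMPLE = """
{
   "securityConfigs":[
      {"location":"/", "requireAuth":"true", "allowLegacy":"true"},
      {"location":"zenworks-assignmentservice", "requireAuth":"true", "allowLegacy":"false"},
      {"location":"zenworks-downloads", "requireAuth":"false"}
   ]
}
"""

def _flag(entry, key, default):
    """Values in the file are the strings "true"/"false"; a missing key uses the default."""
    value = entry.get(key)
    if value is None:
        return default
    return str(value).strip().lower() == "true"

def audit(text):
    """Return {location: (requireAuth, allowLegacy, accepts_headerless)}."""
    entries = json.loads(text).get("securityConfigs", [])
    root = next((e for e in entries if e.get("location") == "/"), {})
    # Assumption: with no "/" entry, treat the default as the least strict case.
    root_auth = _flag(root, "requireAuth", False)
    root_legacy = _flag(root, "allowLegacy", True)
    report = {}
    for entry in entries:
        auth = _flag(entry, "requireAuth", root_auth)      # assumed inheritance from "/"
        legacy = _flag(entry, "allowLegacy", root_legacy)  # assumed inheritance from "/"
        # A request with no authorization header passes when auth is not
        # required or when legacy requests are allowed.
        report[entry.get("location", "<missing>")] = (auth, legacy, (not auth) or legacy)
    return report

def headerless_locations(text):
    """Locations that accept a request carrying no authorization header."""
    return sorted(loc for loc, (_, _, open_) in audit(text).items() if open_)

if __name__ == "__main__":
    for loc, (auth, legacy, open_) in audit(SAMPLE).items():
        state = "ACCEPTS headerless requests" if open_ else "valid header required"
        print(f"{loc:30} requireAuth={auth!s:5} allowLegacy={legacy!s:5} {state}")
```

To check a real file, read auth-filter-settings.json from the location listed above and pass its contents to audit().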