FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 198771
Description
This article describes how to redirect the Admin UI from port 8080 (HTTP) to port 8443 (HTTPS), or how to disable port 8080 entirely.

Solution
Workaround: To redirect Admin UI port 8080 to secure port 8443, modify the /bsc/campusMgr/ui/ROOT/WEB-INF/web.xml file on the Network Sentry Server or Network Sentry Control Server.

Change the bottom-most "NONE" value to "CONFIDENTIAL" in the transport-guarantee section.

Before:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ALL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>
        NONE
      </transport-guarantee>
    </user-data-constraint>
  </security-constraint>

After:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ALL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>
        CONFIDENTIAL
      </transport-guarantee>
    </user-data-constraint>
  </security-constraint>

Save the changes to the web.xml file.

Restart the tomcat-admin service:
service tomcat-admin restart

Note: This change must be done after every upgrade. Document the change in a file called README in the /bsc/campusMgrUpdates/ directory. If no file is currently present with that name, create a new file.


To disable Admin UI port 8080 entirely, on the Network Sentry Server or Network Sentry Control Server, modify the /bsc/services/tomcat-admin/conf/server.xml file.

Comment out the following Connector section:

Before:
    <Connector port="8080" redirectPort="8443"
               server="Apache"
               address="nac" />

After:
<!--     <Connector port="8080" redirectPort="8443"
               server="Apache"
               address="nac" />
-->

Save the changes to the server.xml file.

Restart the tomcat-admin service:
service tomcat-admin restart

Note: This change must be done after every upgrade. Document the change in a file called README in the /bsc/campusMgrUpdates/ directory. If no file is currently present with that name, create a new file.
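
Because both changes are lost on every upgrade, a post-upgrade check can confirm which state the Admin UI is in. The Python 3 script below is an added example, not part of the original article or of Fortinet's tooling; the function names and the constructed sample XML are assumptions, while the file paths and the Connector line are those given above.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

WEB_XML = "/bsc/campusMgr/ui/ROOT/WEB-INF/web.xml"          # path from the article
SERVER_XML = "/bsc/services/tomcat-admin/conf/server.xml"   # path from the article

def _local(tag):
    """Drop an XML namespace prefix: '{ns}Connector' -> 'Connector'."""
    return tag.rsplit("}", 1)[-1]

def _elements(xml_text, name):
    # ElementTree discards comments, so a commented-out element is not returned.
    return [e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == name]

def admin_ui_state(web_xml_text, server_xml_text):
    """Return 'disabled', 'redirected' or 'exposed' for the port 8080 connector."""
    ports = [c.get("port") for c in _elements(server_xml_text, "Connector")]
    if "8080" not in ports:
        return "disabled"
    guarantees = [(g.text or "").strip()   # the value sits on its own line
                  for g in _elements(web_xml_text, "transport-guarantee")]
    if guarantees and guarantees[-1] == "CONFIDENTIAL":   # bottom-most entry
        return "redirected"
    return "exposed"

# Constructed sample input (hypothetical, not copied from an appliance).
SAMPLE_WEB = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>ALL</web-resource-name><url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>
      {value}
    </transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""
SAMPLE_SERVER = '<Server><Service name="Catalina">{connector}</Service></Server>'
CONNECTOR = '<Connector port="8080" redirectPort="8443" server="Apache" address="nac" />'

if __name__ == "__main__":
    try:
        web, server = Path(WEB_XML).read_bytes(), Path(SERVER_XML).read_bytes()
    except OSError:  # not on the appliance: fall back to the constructed sample
        web = SAMPLE_WEB.format(value="NONE")
        server = SAMPLE_SERVER.format(connector=CONNECTOR)
    print("Admin UI port 8080:", admin_ui_state(web, server))
```

A result of "exposed" after an upgrade means neither workaround is in place and the edit needs to be reapplied.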




Solution: Addressed in version 8.2.0.
