Wednesday 27 July 2011

DualShield - manually switch protocol

You can choose either HTTP or SSL as the protocol when you install DualShield. You may have installed the trial version with HTTP and, after the trial, want to move it to a production environment that requires SSL. Compared with reinstalling, switching manually is a bit of a hassle, but it is possible.


Open the following files and change the protocol (http -> https):



C:\Program Files\DualShield\config\appsso-metadata.xml (4 hits)
Line 5: entityID="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.ssoport">
Line 7: <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Line 20: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.ssoport/appsso/login"/>
Line 24: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.ssoport/appsso/logout" />
C:\Program Files\DualShield\config\appsso.properties (2 hits)
Line 4: dasProvisioningUri=$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.provport/das5/xmlrpc
Line 21: management_protocol=$deepnet.dualserver.protocol
C:\Program Files\DualShield\config\ManagementConsole.xml (3 hits)
Line 9: protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Line 13: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.manageport/dmc/logout" />
Line 17: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.manageport/dmc/" />
C:\Program Files\DualShield\config\SelfServiceConsole.xml (3 hits)
Line 9: protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
Line 13: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.slfsrvport/dss/logout" />
Line 17: Location="$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn2:$deepnet.dualserver.slfsrvport/dss/" />
C:\Program Files\DualShield\manconsole.url (1 hits)
Line 2: URL=$deepnet.dualserver.protocol://$deepnet.dualserver.fqdn:$deepnet.dualserver.manageport/dmc

Also, in the Tomcat configuration file server.xml, comment out all connectors that use plain HTTP and uncomment the SSL connectors.


 
C:\Program Files\DualShield\tomcat\conf\server.xml (18 hits)
Line 99: <Connector port="$deepnet.dualserver.provport" protocol="HTTP/1.1"
Line 105: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 114: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 120: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 127: <!-- A "Connector" using the shared thread pool-->
Line 129: <Connector executor="tomcatThreadPool"
Line 134: <!-- Define a SSL HTTP/1.1 Connector on port 8443
Line 139: <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
Line 144: <!-- Define an AJP 1.3 Connector on port 8009 -->
Line 145: <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
Line 213: <Connector port="$deepnet.dualserver.ssoport" protocol="HTTP/1.1"
Line 217: <Connector port="$deepnet.dualserver.ssomanport" protocol="HTTP/1.1"
Line 222: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 228: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 293: <Connector port="$deepnet.dualserver.slfsrvport" protocol="HTTP/1.1"
Line 299: <Connector protocol="HTTP/1.1" SSLEnabled="true"
Line 365: <Connector port="$deepnet.dualserver.manageport" protocol="HTTP/1.1"
Line 371: <Connector protocol="HTTP/1.1" SSLEnabled="true"
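To check the result after editing, the following added example (not part of the original post and not DualShield code) parses a server.xml and a SAML metadata file and lists any connector still active without SSLEnabled="true" and any entityID or Location that is not yet on https. The sample XML is simplified, and the host name dualshield.example.com, the port numbers and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample inputs (not taken from a real DualShield install).
SERVER_XML = """<Server>
  <Service name="Catalina">
    <!-- <Connector port="8070" protocol="HTTP/1.1" /> -->
    <Connector port="8071" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" />
    <Connector port="8073" protocol="HTTP/1.1" />
  </Service>
</Server>"""

METADATA_XML = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://dualshield.example.com:8074">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Location="https://dualshield.example.com:8074/appsso/login" />
    <md:SingleLogoutService
        Location="http://dualshield.example.com:8074/appsso/logout" />
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def plaintext_connectors(server_xml):
    """Return (port, protocol) of active Connectors without SSLEnabled="true".

    ElementTree drops XML comments, so commented-out connectors are ignored.
    """
    root = ET.fromstring(server_xml)
    return [(c.get("port"), c.get("protocol", "HTTP/1.1"))
            for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() != "true"]


def non_https_urls(metadata_xml, attrs=("entityID", "Location")):
    """Return (attribute, value) pairs whose URL scheme is not https."""
    root = ET.fromstring(metadata_xml)
    return [(a, el.get(a)) for el in root.iter() for a in attrs
            if el.get(a) is not None and urlparse(el.get(a)).scheme != "https"]


if __name__ == "__main__":
    print("Plaintext connectors:", plaintext_connectors(SERVER_XML))
    print("Non-HTTPS URLs:", non_https_urls(METADATA_XML))
```

To check real files, read each one and pass its text to the matching function; an empty list from both means no plain-HTTP connector or URL was left behind.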
