Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Changes in Connect Server Files

  • Changes in Server-config.properties file (Installation\ConnectServer\AdeptiaServer\ServerKernel\etc\server-configure.properties)
    • Set property application.security to “true
    • Set property abpm.server.side.entity.validation to true
    • Set property abpm.gui.error.message.enable to false
  • Changes in auth.properties file (Installation\ConnectServer\AdeptiaServer\ServerKernel\etc\auth.properties) 
    • Change the value of app.connect.jwt.token.expire.time and app.connect.jwt.token.expire.timeunit property to the value you need the session to be active. For example, if you want your session to be active for 1 hour then set 
      app.connect.jwt.token.expire.time=1 
      and 
      app.connect.jwt.token.expire.timeunit = HOURS

Changes in Connect Portal Files

  • Changes in server.xml file (Installation\AdeptiaConnect-2.9\ConnectPortal\conf\server.xml) 
    • Add line <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" /> in Host group.

SAML Strict Security Validation Settings

Changes in Connect Portal files

  • Change in securityContext.xml (C:\SingleInstaller\AdeptiaConnect-2.9\ConnectPortal\resources_config\saml\securityContext.xml)
    • Add line <property name="strictMessageSignatureValidation" value="true"/> in webSSOprofileConsumer bean tag.

SQL Injection & Cross-Site Scripting Vulnerability

After you have applied the patch, follow these steps to update security settings against SQL injections:

  1.  After installing the patch, go to ...\ServerKernel\web\WEB-INF.
  2. Open web.xml file.
  3. In the web.xml file, delete the following two lines.

    <!-- Security handler entry start
    Security handler entry ends–>
  4. Restart Kernel and WebRunner.

 

  • No labels