The Security Token Service must not be configured with unused realms.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256754 | SRG-APP-000141-WSR-000015 | VCST-70-000010 | SV-256754r889232_rule | 2023-06-15 | 1 |
| Description |
|---|
| The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure the Security Token Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed. |
| ℹ️ Check |
|---|
| At the command prompt, run the following command: # grep UserDatabaseRealm /usr/lib/vmware-sso/vmware-sts/conf/server.xml If the command produces any output, this is a finding. |
| ✔️ Fix |
|---|
| Navigate to and open: /usr/lib/vmware-sso/vmware-sts/conf/server.xml Remove the <Realm> node returned in the check. Restart the service with the following command: # vmon-cli --restart sts |