The Security Token Service must not be configured with unused realms.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239661 | VCST-67-000010 | SV-239661r679055_rule | Medium |
| Description |
|---|
| The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure that the Security Token Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42894r679053_chk ) |
|---|
| At the command prompt, execute the following command: # grep UserDatabaseRealm /usr/lib/vmware-sso/vmware-sts/conf/server.xml If the command produces any output, this is a finding. |
| Fix Text (F-42853r679054_fix) |
|---|
| Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/server.xml. Remove the |