SSO Session Information Page
- Former user (Deleted)
- Tomi Pelttari
- Former user (Deleted)
To help solving problems during system development and support cases, it is possible to activate session information page on UAS.
Session information page is disabled by default. The reason for this is that this page exposes system version information, which in some cases may be a security risk.
Enable Session Information Page on UAS
To enable session information page on UAS:
Enable Session Information Page on UAS. Set
enabled totrue.C:\Program Files\Ubisecure\ubilogin-sso\tomcat\webapps\uas\WEB-INF\web.xml<!-- Info --> <servlet> <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.InfoServlet</servlet-name> <servlet-class>com.ubisecure.ubilogin.sso.ui.servlet.InfoServlet</servlet-class> <init-param> <param-name>enabled</param-name> <param-value>true</param-value> </init-param> </servlet>Activate the change by running update:
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat> update.cmdDo an authentication request: open session information page from the web address
https://{sso-server address}/uas/info
Figure 1. Ubisecure SSO information page
To disable session information page on UAS:
Disable Session Information Page on UAS. Set
enabled tofalse.C:\Program Files\Ubisecure\ubilogin-sso\tomcat\webapps\uas\WEB-INF\web.xml<!-- Info --> <servlet> <servlet-name>com.ubisecure.ubilogin.sso.ui.servlet.InfoServlet</servlet-name> <servlet-class>com.ubisecure.ubilogin.sso.ui.servlet.InfoServlet</servlet-class> <init-param> <param-name>enabled</param-name> <param-value>false</param-value> </init-param> </servlet>Activate the change by running update:
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat> update.cmdCheck that the page is disabled: check that the information page is not viewable with web browser at the address
https://{sso-server address}/uas/info