UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Security Token Service must be configured with the appropriate ports.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239679 VCST-67-000028 SV-239679r816762_rule Medium
Description
Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that the Security Token Service listens on are configured in the "catalina.properties" file and must be verified as accurate to their shipping state.
STIG Date
VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42912r816760_chk )
Connect to the PSC, whether external or embedded.

At the command prompt, execute the following command:

# grep 'bio' /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Expected result:

bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-localhost.https.port=7444

If the output of the command does not match the expected result, this is a finding.
Fix Text (F-42871r816761_fix)
Connect to the PSC, whether external or embedded.

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties.

Navigate to the ports specification section.

Set the Security Token Service port specifications according to the following list:

bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-localhost.https.port=7444