UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Security Token Service must not be configured with unused realms.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256754 VCST-70-000010 SV-256754r889232_rule Medium
Description
The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure the Security Token Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed.
STIG Date
VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide 2023-02-21

Details

Check Text ( C-60429r889230_chk )
At the command prompt, run the following command:

# grep UserDatabaseRealm /usr/lib/vmware-sso/vmware-sts/conf/server.xml

If the command produces any output, this is a finding.
Fix Text (F-60372r889231_fix)
Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/server.xml

Remove the node returned in the check.

Restart the service with the following command:

# vmon-cli --restart sts