SCAS - How to disable JMX port 1689

Solution Number: S31805
Last Modified: 2018-04-18
Issue
The Java Management Extensions ('JMX') connection handler is enabled by OpenAM on SteelCentral Authentication Service ('SCAS').
The customer reported that port 1689 is a security vulnerability and requested that it be disabled.
Solution
  1. You will need the Directory Manager password. This was provided by the administrator during installation.
  2. If you do not have this password, you will have to re-install SCAS to set it again.
  3. Once you have the password, follow the steps below:

C:\Riverbed\AuthenticationService\OASConfig\opends\bat>dsconfig ## Step 1 - run dsconfig ##

>>>> Specify OpenDS LDAP connection parameters

Directory server hostname or IP address [SCPortal-SCAS]: localhost

Directory server administration port number [4470]: 4470 
## Step 2 - Enter port 4470 ##

How do you want to trust the server certificate?

    1)  Automatically trust
    2)  Use a truststore
    3)  Manually validate

Enter choice [3]: 1  
## Step 3 - select choice 1 ##

Administrator user bind DN [cn=Directory Manager]:

Password for user 'cn=Directory Manager':      
## Step 4 - Enter Directory Manager password ##

>>>> OpenDS configuration console main menu

What do you want to configure?

    1)   Access Control Handler               23)  Log Rotation Policy
    2)   Account Status Notification Handler  24)  Matching Rule
    3)   Administration Connector             25)  Monitor Provider
    4)   Alert Handler                        26)  Network Group
    5)   Attribute Syntax                     27)  Network Group QOS Policy
    6)   Backend                              28)  Password Generator
    7)   Certificate Mapper                   29)  Password Policy
    8)   Connection Handler                   30)  Password Storage Scheme
    9)   Crypto Manager                       31)  Password Validator
    10)  Debug Target                         32)  Plugin
    11)  Entry Cache                          33)  Plugin Root
    12)  Extended Operation Handler           34)  Replication Domain
    13)  Extension                            35)  Replication Server
    14)  External Changelog Domain            36)  Root DN
    15)  Global Configuration                 37)  Root DSE Backend
    16)  Group Implementation                 38)  SASL Mechanism Handler
    17)  Identity Mapper                      39)  Synchronization Provider
    18)  Key Manager Provider                 40)  Trust Manager Provider
    19)  Local DB Index                       41)  Virtual Attribute
    20)  Local DB VLV Index                   42)  Work Queue
    21)  Log Publisher                        43)  Workflow
    22)  Log Retention Policy                 44)  Workflow Element

    q)   quit

Enter choice: 8   
## Step 5 - select choice 8 ##

>>>> Connection Handler management menu

What would you like to do?

    1)  List existing Connection Handlers
    2)  Create a new Connection Handler
    3)  View and edit an existing Connection Handler
    4)  Delete an existing Connection Handler

    b)  back
    q)  quit

Enter choice [b]: 4 
## Step 6 - select choice 4 ##


>>>> Select the Connection Handler from the following list:

    1)  JMX Connection Handler
    2)  LDAP Connection Handler
    3)  LDAPS Connection Handler
    4)  LDIF Connection Handler

    c)  cancel
    q)  quit

Enter choice [c]: 1 
## Step 7 - select choice 1 ##

Are you sure that you want to delete the Connection Handler? (yes / no) [no]: y   ## Step 8 - select 'y' ##
The Connection Handler was deleted successfully

Press RETURN to continue


>>>> Connection Handler management menu

What would you like to do?

    1)  List existing Connection Handlers
    2)  Create a new Connection Handler
    3)  View and edit an existing Connection Handler
    4)  Delete an existing Connection Handler

    b)  back
    q)  quit

Enter choice [b]: q   
## Step 9 - select 'q' ##

C:\Riverbed\AuthenticationService\OASConfig\opends\bat>net stop scas_web  ## Step 10 - stop the SteelCentral Authentication Service ##

The SteelCentral Authentication Service Web service was stopped successfully.

C:\Riverbed\AuthenticationService\OASConfig\opends\bat>net start scas_web 
## Step 11 - start the SteelCentral Authentication Service ##
The SteelCentral Authentication Service Web service is starting.
The SteelCentral Authentication Service Web service was started successfully.

C:\Riverbed\AuthenticationService\OASConfig\opends\bat>netstat -aon | find ":1689" 
## Step 12 - verify that port '1689' is disabled (no output means nothing is using the port) ##

C:\Riverbed\AuthenticationService\OASConfig\opends\bat>
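
The same procedure as a non-interactive PowerShell script, with the step 12 check turned into a pass/fail test. This is an added example, not Riverbed's own tooling. It assumes the launcher in the `bat` directory is named `dsconfig.bat` and that this OpenDS build accepts the standard non-interactive `delete-connection-handler` subcommand. The function name `Test-PortListening` is made up for the example.

```powershell
# Added example: scripted form of steps 1-12. The path, port numbers, handler
# name and service name are taken from the console session above.
$ErrorActionPreference = 'Stop'
# Assumption: the launcher file is dsconfig.bat in the directory shown above.
$dsconfig = 'C:\Riverbed\AuthenticationService\OASConfig\opends\bat\dsconfig.bat'
$jmxPort  = 1689

function Test-PortListening([int]$Port) {
    # Same check as step 12, narrowed to TCP sockets in LISTENING state.
    $pattern = '^\s*TCP\s+\S+:{0}\s+\S+\s+LISTENING' -f $Port
    [bool](netstat -aon | Select-String -Pattern $pattern)
}

if (-not (Test-PortListening $jmxPort)) {
    Write-Output "Nothing is listening on port $jmxPort; no change needed."
    return
}

# Prompt for the Directory Manager password and hand it to dsconfig through a
# short-lived file, so it never appears on the command line or in history.
$secure = Read-Host -AsSecureString "Password for 'cn=Directory Manager'"
$pwFile = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName())
try {
    [Net.NetworkCredential]::new('', $secure).Password |
        Set-Content -Path $pwFile -Encoding ASCII

    # Steps 1-9: delete the JMX Connection Handler over the admin port 4470.
    # --trustAll mirrors the "Automatically trust" choice made in step 3.
    & $dsconfig delete-connection-handler `
        --handler-name 'JMX Connection Handler' `
        --hostname localhost --port 4470 `
        --bindDN 'cn=Directory Manager' --bindPasswordFile $pwFile `
        --trustAll --no-prompt
    if ($LASTEXITCODE -ne 0) { throw "dsconfig failed with exit code $LASTEXITCODE" }
}
finally {
    Remove-Item -Path $pwFile -Force -ErrorAction SilentlyContinue
}

# Steps 10-11: restart the service so the JMX listener is released.
net stop scas_web
net start scas_web

# Step 12: fail loudly if the port is still open after the restart.
if (Test-PortListening $jmxPort) { throw "Port $jmxPort is still listening." }
Write-Output "Port $jmxPort is closed."
```

Run it from an elevated PowerShell session on the SCAS host; the ASCII password file assumes the Directory Manager password contains no non-ASCII characters.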