VCST-67-000010 - The Security Token Service must not be configured with unused realms.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure that the Security Token Service remains in its shipping state, the lack of a 'UserDatabaseRealm' configuration must be confirmed.

Solution

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/server.xml.

Remove the <Realm> node returned in the check.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-239661r679055_rule, STIG-ID|VCST-67-000010, Vuln-ID|V-239661

Plugin: Unix

Control ID: 72c027770a169c0a6a784b14f13d4896243353777a042ad0eb0dd491e27c507b