VCST-70-000010 - The Security Token Service must not be configured with unused realms.

Information

The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure the Security Token Service remains in its shipping state, the lack of a 'UserDatabaseRealm' configuration must be confirmed.

Solution

Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/server.xml

Remove the <Realm> node returned in the check.

Restart the service with the following command:

# vmon-cli --restart sts

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-256754r889232_rule, STIG-ID|VCST-70-000010, Vuln-ID|V-256754

Plugin: Unix

Control ID: b3b6e8e89940518cb27eb420d7589cc04f3f187dec36c3be20882d5828042bbd