5 - Authentication


Remove access for default and test users

Default username and passwords should not be used

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Navigate to Server directory, open realm.properties file and create a new user. If you want to just use the default test realm, its better to delete the default users that already exist in realm.properties file. In the same folder find the webdefault.xml and specify the security constraint for the newly created user.