Environment
NetIQ Identity Manager 4.5
NetIQ Identity Manager 4.6
NetIQ Identity Manager Roles Based Provisioning Module 4.5
NetIQ Identity Manager Roles Based Provisioning Module 4.6
Situation
Under certain circumstances, your Identity Manager can be susceptible to a DoS attack caused by Client Initiated SSL Renegotiation.
Resolution
Follow this procedure on each of the machines running Identity Manager – Roles Based Provisioning Module:
1. Edit the <tomcat-install-directory>/bin/setenv.sh (or <tomcat-install-directory>\bin\setenv.bat) file.
2. Add the following flag to CATALINA_OPTS: -Djdk.tls.rejectClientInitiatedRenegotiation=true
3. Save the file and restart Tomcat, i.e. /etc/init.d/idmapps_tomcat_init restart
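
The steps above for the Linux setenv.sh case, as an added example that is not part of the original article or vendor code: it appends the flag only if it is not already set, and checks the restarted JVM's command line. The function names are hypothetical; pass the path to your own setenv.sh.

```shell
#!/bin/sh
# Added example, not vendor code. Defines functions only; nothing runs on load.
FLAG='-Djdk.tls.rejectClientInitiatedRenegotiation=true'

# has_flag FILE: succeeds if an uncommented line of FILE carries the flag.
has_flag() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -qF -- "$FLAG"
}

# ensure_flag FILE: append the flag to CATALINA_OPTS unless already set.
# Prints "added" or "unchanged"; returns 2 if FILE does not exist.
ensure_flag() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    if has_flag "$file"; then
        echo unchanged
        return 0
    fi
    cp -p "$file" "$file.bak" || return 1      # keep a rollback copy
    # Start on a fresh line if the file lacks a trailing newline.
    if [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    # Plain ASCII quotes only: typographic quotes pasted from a web page
    # would be passed to the JVM as literal characters.
    printf '%s\n' "CATALINA_OPTS=\"\$CATALINA_OPTS $FLAG\"" \
        'export CATALINA_OPTS' >> "$file"
    echo added
}

# tomcat_jvm_has_flag: reads process command lines on stdin and succeeds if a
# Tomcat JVM (main class org.apache.catalina.startup.Bootstrap) has the flag.
# After the restart: ps -eo args | tomcat_jvm_has_flag
tomcat_jvm_has_flag() {
    grep -F 'org.apache.catalina.startup.Bootstrap' | grep -qF -- "$FLAG"
}
```

Run ensure_flag against <tomcat-install-directory>/bin/setenv.sh, restart Tomcat as in step 3, then pipe the process list into tomcat_jvm_has_flag to confirm the running JVM picked the property up.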