Technical guidance to prevent a possible DoS in Identity Manager 4.5 & 4.6

  • 7018780
  • 05-Apr-2017
  • 05-Apr-2017

Environment

NetIQ Identity Manager 4.5
NetIQ Identity Manager 4.6
NetIQ Identity Manager Roles Based Provisioning Module 4.5
NetIQ Identity Manager Roles Based Provisioning Module 4.6

Situation

Under certain circumstances, Identity Manager can be susceptible to a denial-of-service (DoS) attack caused by client-initiated SSL/TLS renegotiation: a client that repeatedly requests renegotiation on an already established connection forces the server to redo the CPU-intensive handshake each time, so a single client can exhaust server resources.

Resolution

Follow this procedure on each of the machines running Identity Manager – Roles Based Provisioning Module:
1. Edit the <tomcat-install-directory>/bin/setenv.sh file (or, on Windows, <tomcat-install-directory>\bin\setenv.bat).
2. Add the following flag to CATALINA_OPTS: -Djdk.tls.rejectClientInitiatedRenegotiation=true
3. Save the file and restart Tomcat, e.g. /etc/init.d/idmapps_tomcat_init restart
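The procedure above, as an added example that is not part of the NetIQ article: a small POSIX shell script that adds the JVM flag to a setenv.sh idempotently (a second run does not duplicate it), keeps any CATALINA_OPTS the file already sets, and shows the resulting CATALINA_OPTS value. The sample setenv.sh it operates on is constructed in a temporary directory, so nothing on the real system is touched; the function names and the temporary paths are assumptions for illustration. On Windows the equivalent setenv.bat line would be a `set CATALINA_OPTS=%CATALINA_OPTS% -Djdk.tls.rejectClientInitiatedRenegotiation=true`, which this example does not cover.

```shell
#!/bin/sh
# Added example (not NetIQ's own script): idempotently add the JDK flag that
# rejects client-initiated TLS renegotiation to a Tomcat setenv.sh.

FLAG='-Djdk.tls.rejectClientInitiatedRenegotiation=true'

# has_reneg_flag FILE -> exit status 0 if FILE already puts the flag on a
# CATALINA_OPTS line, non-zero otherwise.
has_reneg_flag() {
    grep -q "CATALINA_OPTS=.*$FLAG" "$1"
}

# add_reneg_flag FILE -> append a CATALINA_OPTS line carrying the flag unless
# it is already there. Appending (rather than rewriting an existing line)
# preserves whatever JVM options the file already sets.
add_reneg_flag() {
    file="$1"
    if has_reneg_flag "$file"; then
        return 0
    fi
    printf 'CATALINA_OPTS="$CATALINA_OPTS %s"\nexport CATALINA_OPTS\n' "$FLAG" >> "$file"
}

# effective_opts FILE -> source FILE in a subshell, the way Tomcat's startup
# scripts source setenv.sh, and print the CATALINA_OPTS value that results.
effective_opts() {
    ( CATALINA_OPTS=""; . "$1"; printf '%s\n' "$CATALINA_OPTS" )
}

# Demonstration on a constructed sample setenv.sh (assumed content, not taken
# from a real RBPM installation).
demo_dir=$(mktemp -d)
sample="$demo_dir/setenv.sh"
cat > "$sample" <<'EOF'
CATALINA_OPTS="-Xms1024m -Xmx2048m"
EOF

add_reneg_flag "$sample"
add_reneg_flag "$sample"      # second run is a no-op
effective_opts "$sample"      # prints the heap options followed by the flag
rm -rf "$demo_dir"
```

After the restart, confirm the running JVM picked the flag up (for example, the Tomcat java process's command line shown by `ps -ef` should contain `-Djdk.tls.rejectClientInitiatedRenegotiation=true`). One caveat: this is a JSSE system property, so it only protects Tomcat connectors that use the Java SSL implementation; a connector backed by the APR/native OpenSSL library does not read it and would need the equivalent protection configured there.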