How to limit the number of the active web sessions in Operation Orchestration Central?

  • KM02391426
  • 06-Jun-2016
  • 21-May-2021

Summary

CPE provided a workaround on that topic.

Question

By design any user could run simultaneously more than one HPE Operation Orchestration web session on Central while using different internet browsers.
However some users consider this feature as vulnerability issue. Thus there is a workaround how to limit the number of the active web sessions:
1. Open the file Central\tomcat\webapps\oo\WEB-INF\web.xml

2. Add following configuration:

<listener>
 <listener-class>
      org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener
3. Open the file Central\tomcat\webapps\oo\WEB-INF\classes\META-INF\spring\securityContext.xml

4. Add these lines:
 <security:session-management>
        <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
 </security:session-management>