Security hardening

The CAS access manager is a part of the IAM appliance installation which provides authentication for the other services in the appliance. As such, it is required for the appliance to function.

Each service is registered in CAS. In this version of the IAM appliance, only the CzechIdM service is registered. The default registration does not contain the appliance host name.

This default setting is not entirely secure, because the service URL pattern accepts any host. We therefore recommend you change the registration, which can be found in the /data/volumes-shared/cas-services/idm-200.json file. Edit this file and replace the regular expression .+ in the host part with the appliance host name, e.g.:

The default CzechIdM service registration
"serviceId" : "https://.+/idm.+",
A secure registration of the CzechIdM service for hostname "iam.appliance.com"
"serviceId" : "https://iam.appliance.com/idm.+",

After reconfiguration, restart the CAS service and check that CzechIdM authentication is working.

Restart the CAS service
[root@localhost ~]# systemctl restart iam-cas.service
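To see why the default pattern is a problem and to verify the edited registration before restarting, here is an added Python check (not part of the appliance or of CAS). Only the "serviceId" values come from this page; the other keys of the sample registration, the hostnames in the test URLs and the use of re.search to approximate CAS's regex service matching are assumptions.

```python
import json
import re

# Constructed sample of the service registration file; only "serviceId" is
# taken from the page, the remaining keys are assumed for illustration.
DEFAULT_REGISTRATION = """{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "https://.+/idm.+",
  "name" : "CzechIdM",
  "id" : 200
}"""

# Same file after replacing the wildcard host with the appliance host name.
HARDENED_REGISTRATION = DEFAULT_REGISTRATION.replace(
    "https://.+/idm.+", "https://iam.appliance.com/idm.+")

# Constructed service URLs: one on the appliance, one on some other host.
OWN_HOST_URL = "https://iam.appliance.com/idm/api/v1/"
OTHER_HOST_URL = "https://other.example.org/idm/"


def service_id_pattern(registration_json):
    """Return the compiled serviceId regex of a CAS service registration."""
    return re.compile(json.loads(registration_json)["serviceId"])


def accepts(registration_json, service_url):
    """True if the registration's serviceId matches the given service URL.

    re.search is assumed here to approximate CAS's find-based matching.
    """
    return service_id_pattern(registration_json).search(service_url) is not None


def host_is_pinned(registration_json, expected_host):
    """True if serviceId starts with the literal scheme and host (no wildcard host)."""
    pattern = json.loads(registration_json)["serviceId"]
    return pattern.startswith("https://" + expected_host + "/")


def audit(registration_json, expected_host):
    """Return a list of findings; an empty list means the registration is pinned."""
    findings = []
    if not host_is_pinned(registration_json, expected_host):
        findings.append("serviceId does not pin the host to " + expected_host)
    if accepts(registration_json, OTHER_HOST_URL):
        findings.append("serviceId also matches service URLs on other hosts")
    return findings
```

Run audit() against the contents of idm-200.json with your real host name; an empty result means the host part is pinned and URLs on other hosts no longer match.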