The Security Token Service must not be configured with unused realms.

An XCCDF Rule

Description

<VulnDiscussion>The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure the Security Token Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256754r889232_rule
Severity: Medium
References: CCI-000381
Updated: 8 months ago

Navigate to and open: 
 
/usr/lib/vmware-sso/vmware-sts/conf/server.xml 
 
Remove the <Realm> node returned in the check. 
 Restart the service with the following command: 
 
# vmon-cli --restart sts

The Security Token Service must not be configured with unused realms.

Description

Remediation - Manual Procedure