Change to the Tomcat configuration directory:
/opt/novell/nam/idp/webapps/nidp/WEB-INF/
Open the web.xml file and add httpHeaderSecurity filter definition.
<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter>
Add an appropriate maximum age value:
<init-param> <param-name>hstsMaxAgeSeconds</param-name> <param-value>31536000</param-value> </init-param>
Add the filter mapping.
<filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>
For more information, see Section 7.4, Adding HTTP Strict Transport Security.