Whenever the Identity Server reports a 500 internal error due to an invalid input, the reason for failure is included in the response and visible on the browser.
This might cause a security issue as intruders can use this information to attack against the Identity Server and ESP.
To prevent this, configure the web.xml file for Identity Server and ESP as follows:
Identity Server
Linux: /opt/novell/nam/idp/webapps/nidp/WEB-INF/web.xml
Windows Server 2008: \Program Files (x86)\Novell\Tomcat\webapps\nidp\WEB-INF/web.xml
ESP
Linux: /opt/novell/nam/mag/webapps/nesp/WEB-INF/web.xml
Windows: /Program Files/Novell/Tomcat/webapps/nesp/WEB-INF/web.xml
<welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <error-page> <error-code>500</error-code> <location>/index.html</location> </error-page>
index.html can be any custom page. You can configure web.xml for error-code 404 same as above by adding one more <error-page> tag.