Administration Console contains configuration information for all Access Manager components. If you federate your users with other servers, it stores configuration information about these users. You need to protect Administration Console so that unauthorized users cannot change configuration settings or gain access to the information in the configuration store.
When you develop a security plan for Access Manager, consider the following considerations:
Section 2.1, Restricting Administration Console Access to only Private Network
Section 2.2, Managing Administration Console Session Timeout
Section 2.8, Configuring Stronger Ciphers for SSL Communication
Section 2.13, Preventing Error Messages to Show the Failure Reason on Browsers
Section 2.15, Configuring to Display a Generic Login Failure Message
Section 2.17, Samples of Recommended Settings in Configuration Files