Change to the Tomcat configuration directory:
Linux: /opt/novell/nam/idp/webapps/nidp/WEB-INF
Windows Server 2008: \Program Files (x86)\Novell\Tomcat\webapps\nidp\WEB-INF
Open the web.xml file and add httpHeaderSecurity filter definition.
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
</filter>Add an appropriate maximum age value:
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
Add the filter mapping.
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>For more information, see Section 7.4, Adding HTTP Strict Transport Security.