4.1 Protecting the Administration Console

The Administration Console and Identity Server are sometimes installed on the same machine. The Identity Server must be reachable from the Internet because the services that Access Manager provides must be available there, which can expose the Administration Console as well.

Perform the following steps to secure the Administration Console:

  1. Make a copy of the server.xml file.

  2. Edit the server.xml file, located in the following directory:

    Linux: /opt/novell/nam/idp/conf

    Windows: \Program Files (x86)\Novell\Tomcat\conf

  3. Look for the end of the <Host> block.

  4. Before the last line (before </Host>), insert the following lines:

    <Context path="/nps">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="xxx.yyy.zzz.www" />
    </Context>

    The allow attribute, which can also be replaced by a deny attribute, takes a comma-separated list of IP address regular expressions (Perl regex format). A simple example is as follows:

    allow="192.168.10[1-3].[0-9]*"

    This allows access to the Administration Console only from the following address ranges: 192.168.101.0/24, 192.168.102.0/24, 192.168.103.0/24.
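    Because a mistake in the allow list either locks administrators out or leaves the console open, it helps to test a candidate list before editing server.xml. The following added example (not part of this guide or of Tomcat) emulates how RemoteAddrValve evaluates a comma-separated allow/deny list: each pattern must match the whole client address, a deny match wins, and with only an allow list configured every non-matching address is refused. The sample client addresses are constructed for the demonstration.

```python
import re

# Constructed sample client addresses used to exercise a candidate allow list.
SAMPLE_CLIENTS = [
    "192.168.101.5",    # inside 192.168.101.0/24: expected to be allowed
    "192.168.103.254",  # inside 192.168.103.0/24: expected to be allowed
    "192.168.104.5",    # outside the three ranges: expected to be denied
    "10.0.0.1",         # arbitrary Internet client: expected to be denied
]


def compile_list(value):
    """Turn the valve's comma-separated list of regexes into compiled patterns (None if unset)."""
    if value is None:
        return None
    return [re.compile(p.strip()) for p in value.split(",") if p.strip()]


def matches_any(patterns, addr):
    # The valve compares the whole address against each pattern, not a substring of it.
    return any(p.fullmatch(addr) is not None for p in patterns)


def is_allowed(addr, allow=None, deny=None):
    """Emulate the valve's decision order: deny first, then allow, then the fall-through rules."""
    allow_pats = compile_list(allow)
    deny_pats = compile_list(deny)
    if deny_pats and matches_any(deny_pats, addr):
        return False
    if allow_pats and matches_any(allow_pats, addr):
        return True
    # Only a deny list configured: everything that is not denied passes.
    if deny_pats and not allow_pats:
        return True
    # An allow list is configured and nothing matched (or nothing is configured): refuse.
    return False


def evaluate(allow, deny=None, clients=SAMPLE_CLIENTS):
    """Return {address: allowed} for each sample client under the candidate settings."""
    return {addr: is_allowed(addr, allow, deny) for addr in clients}


if __name__ == "__main__":
    # The guide's pattern, and a stricter variant in which "." is escaped so it
    # matches only a literal dot rather than any character.
    for value in ("192.168.10[1-3].[0-9]*", r"192\.168\.10[1-3]\.[0-9]*"):
        print(value, evaluate(value))
```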