Browser attempts HTTP connection to SSPR server when no protocol is specified

  • 7023493
  • 01-Nov-2018
  • 05-Feb-2020

Environment

Self Service Password Reset
SSPR 4.x

Situation

Unable to connect to the SSPR server when the URL is entered without the https:// prefix, e.g. mySSPRserver.example.com
The browser uses HTTP, not HTTPS, to connect to mySSPRserver.example.com
SSPR refuses the HTTP connection attempt
Is it possible to redirect HTTP to HTTPS for the SSPR server?

Resolution

This is working as designed. When neither http:// nor https:// is entered in the URL, the browser chooses which protocol is used.
Users need to enter the complete link to the SSPR server, including https://
HTTPS is required to connect to an SSPR server. SSPR does not support HTTP.
It is not possible to redirect HTTP to HTTPS within the SSPR application.

Additional Information

Forcing the browser to use HTTPS is a function that can be performed by a web server, NetIQ Access Manager, a network gateway or a switch.
Customers who have installed SSPR in a Linux environment with the sspr.war file will have a Tomcat web server, and can modify the server.xml to redirect from HTTP to HTTPS. 

To force Tomcat to switch the user to a secure connection, modify the sspr/WEB-INF/web.xml and add the following 12 lines at the bottom of the file:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSPR</web-resource-name>
      <description>SSPR SSL-requiring Area</description>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
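
A way to check the edited descriptor before restarting Tomcat, as an added example that is not part of the original article or of SSPR: the Python function below parses a web.xml, confirms that a CONFIDENTIAL constraint covers /*, and reports when http-method entries limit the constraint to the listed methods. The sample document and the function names are constructed for illustration; the sample places the 12 lines just before the closing </web-app> tag, which is where they must sit for the file to stay well-formed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal web.xml ending with the article's 12 lines.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSPR</web-resource-name>
      <description>SSPR SSL-requiring Area</description>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    """Text of every descendant element called `name`, whitespace-trimmed."""
    return [(e.text or "").strip() for e in parent.iter() if _local(e.tag) == name]

def audit_transport(web_xml_text):
    """Return (patterns_forced_to_https, findings) for a web.xml document."""
    root = ET.fromstring(web_xml_text)
    forced, findings = [], []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            continue  # this constraint does not require TLS
        for wrc in sc.iter():
            if _local(wrc.tag) != "web-resource-collection":
                continue
            patterns = _texts(wrc, "url-pattern")
            methods = sorted(_texts(wrc, "http-method"))
            forced.extend(patterns)
            if methods:  # listed methods limit the constraint to those methods
                findings.append(f"{patterns} constrained only for {methods}")
    if "/*" not in forced:
        findings.append("no CONFIDENTIAL constraint covers /*")
    return forced, findings
```

For the sample, the function returns /* as forced to HTTPS plus one finding that only GET and POST are constrained; under the Servlet specification, requests using other methods (HEAD, PUT and so on) fall outside a constraint that lists http-method elements.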