We have introduced a new way to upload, access and secure custom JSPs in RSA Identity Governance and Lifecycle version 7.1.1.
Previously, there was only one location you could upload JSPs to, called “JSP Pages” under Admin > User Interface > Files. The application did not secure access to any JSP by requiring users to first login before accessing it, instead security had to be part of the JSP itself (if needed).
Starting with 7.1.1 there are two locations to upload JSPs under Admin > User Interface > Files.
- JSP Pages
- Files uploaded to this directory are secured. Users are required to login to RSA Identity Governance and Lifecycle before they can access pages in this directory.
- They can be used only for internal activities after users have logged in (for example: Dashboard Components).
- They can be accessed using the following relative path /aveksa/custom/jsp/example.jsp
- External JSP Pages
- Files uploaded to this directory are not secured. Users can access pages in this directory without logging in (they are publicly accessible).
- They should be used only for external activities (for example: Request Form Validation URIs and Password Generator URIs).
- They can be accessed using the following relative path /aveksa/custom/external_jsp/example.jsp
In both cases, files uploaded must end in .JSP and should meet your internal corporate standards.
This change may affect your existing usage of JSPs specially if you were using JSPs for:
- Request Form validation URIs.
- Request Form Field validation URIs.
- Password Generator URIs.
- External URL Request Buttons.
- Workflow REST Web Service node URLs.
RSA created the following reports queries (attached) which can be run to identify any existing configurations that will be affected by this change. For each affected JSP you will need to:
- Re-upload the JSP under External JSP Pages.
- Change any configuration referencing to them from /aveksa/custom/jsp to /aveksa/custom/external_jsp.
Please run this report before migrating to version 7.1.1 to be prepared for the change.
21/05/2019 Update: Included Workflow REST Web Services nodes and separate SQL query as a potentially affected configuration.
- Access Request Manager
- blog post
- custom jsp
- Identity G&L
- Identity Governance & Lifecycle
- Product Blog
- Product Blog Post
- Request Forms
- RSA Identity
- RSA Identity G&L
- RSA Identity Governance & Lifecycle
- RSA Identity Governance and Lifecycle
- RSA IGL
- tech huddle
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.