How to enable HTTP Strict Transport Security (HSTS) Header on Authentication Manager Prime Self-Service Portal
Originally Published: 2025-04-07
Article Number
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: SecurID Access Prime
Issue
Authentication Manager Prime Self-Service Portal is missing the HTTP Strict Transport Security (HSTS) Header. This article walks through on enabling HSTS header for the AM Prime Self-Service Portal.
Tasks
Resolution
- HSTS is configurable in ssp.properties .
- Make a copy of ssp.properties located under <Primekit_Installation_Directory>/configs/ssp/config
set "enable.hsts.filter" parameter in the ssp.properties to true:
enable.hsts.filter=true- Make a copy of the headerConfig.xml under <Primekit_Installation_Directory>/configs/ssp/config
- Modify 'headerConfig.xml' as follows:
<?xml version="1.0" encoding="UTF-8"?>
<header>
<map key="Strict-Transport-Security" value="max-age=31536000; includeSubDomains"/>
<map key="Referrer-Policy" value="no-referrer"/>
</header>- Restart SSP service
Related Articles
HSTS (Strict-Transport-Security) Header Explanation for RSA Authentication Manager 8.x Number of Views Determining an existing RSA Prime version Number of Views Your client does not have permissions to get this URL from the server error with RSA Authentication Agent for Web: IIS Number of Views Purchasing a New RSA SecurID Appliance to be a Replica Number of Views Unrecognized string/value shown in SubjectAltName extension of a certificate issued using the MS Logon Cert profile Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Authenticator 6.2.2 for Windows Administrator Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows Monitor User Events in the Cloud Administration Console
Don't see what you're looking for?
