Vulnerability Discussion
Unauthenticated application servers render the organization subject to exploitation. Therefore, application servers must be uniquely identified and authenticated to prevent unauthorized access.
Satisfies: SRG-APP-000148-AS-000101, SRG-APP-000149-AS-000102, SRG-APP-000151-AS-000103, SRG-APP-000177-AS-000126, SRG-APP-000389-AS-000253, SRG-APP-000390-AS-000254, SRG-APP-000391-AS-000239, SRG-APP-000392-AS-000240, SRG-APP-000400-AS-000246, SRG-APP-000401-AS-000243, SRG-APP-000402-AS-000247, SRG-APP-000403-AS-000248, SRG-APP-000404-AS-000249, SRG-APP-000405-AS-000250
Check
The Administrator must check the Automation Controller web administrator console and verify the appropriate authentication provider is configured and the associated fields are complete and accurate.
Log in to Automation Controller as an administrator and navigate to Settings >> Authentication.
If the organization-defined identity provider is not configured, or any associated fields are incomplete or inaccurate, this is a finding.
Fix
Log in to Automation Controller as an administrator and navigate to Settings >> Authentication.
Configure the appropriate authentication provider and associated fields for the organization-defined identity provider:
Click on LDAP settings.
Click "Edit".
Configure/complete the fields.
Click "Save".