FIM 2010 R2: FIMCM - Portal should be set to use only secure connections
This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Forefront Identity Manager 2010 R2 Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).
Product |
Forefront Identity Manager 2010 R2 |
Feature |
FIM Certificate Management |
Operating System |
Windows Server 2008 R2 |
Severity |
Error |
Category |
Security |
Issue
FIMCM – Portal is set to allow non-secure connections
.png "FIM CM https rule")
Impact
FIMCM – User session information can be exposed.
Resolution
FIMCM – Portal should be set to accept only secure connections
Ensure that the enabled protocols for the IIS server is set to only allow https.
Additional references
For more information, see the FIM 2010 R2 Deployment Guide (https://technet.microsoft.com/en-us/library/jj134310(v=ws.10))