Secure Felix web console
Before you deploy IDM in production, remove or protect the Felix web console that is exposed under /system/console. Authentication for this console is not integrated with authentication for IDM.
Remove the Felix web console
- Remove the web console bundle and all related plugin bundles:
  rm /path/to/openidm/bundle/org.apache.felix.webconsole*.jar
  rm /path/to/openidm/bundle/openidm-felix-webconsole-7.3.0.jar
- Remove the felix.webconsole.json configuration file from your project’s conf/ directory:
  rm /path/to/project-dir/conf/felix.webconsole.json
Protect the Felix web console
To protect access to the Felix web console, change the credentials in your project’s conf/felix.webconsole.json file. This file contains the username and password for the console, and both properties can be set using property substitution. By default, the file contains:
{
"username" : "&{openidm.felix.webconsole.username|admin}",
"password" : "&{openidm.felix.webconsole.password|admin}"
}
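
The following check is an added example, not part of the product documentation: it reports console bundles still present under bundle/ and flags a felix.webconsole.json whose credentials still resolve to the admin default. The names audit, resolve and props are hypothetical; props stands in for whatever values your deployment supplies for the two properties, and the second glob generalizes the 7.3.0 file name to any version.

```python
import json
import re
import tempfile
from pathlib import Path

# Substitution form used in felix.webconsole.json: &{property.name|default}
TOKEN = re.compile(r"&\{([^|}]+)(?:\|([^}]*))?\}")
SHIPPED_DEFAULT = "admin"  # default username and password shown on this page


def resolve(value, props):
    """Expand &{name|default} tokens from props, else use the inline default."""
    def expand(match):
        name, default = match.group(1), match.group(2)
        if name in props:
            return props[name]
        return match.group(0) if default is None else default
    return TOKEN.sub(expand, value)


def audit(openidm_dir, project_dir, props=None):
    """Return findings for leftover console bundles and default credentials."""
    props = props or {}  # assumption: caller passes the deployment's property values
    bundle = Path(openidm_dir) / "bundle"
    # The second glob generalizes the page's 7.3.0 file name to any version.
    jars = sorted(bundle.glob("org.apache.felix.webconsole*.jar"))
    jars += sorted(bundle.glob("openidm-felix-webconsole-*.jar"))
    findings = [f"console bundle present: {jar.name}" for jar in jars]
    conf = Path(project_dir) / "conf" / "felix.webconsole.json"
    if conf.is_file():
        config = json.loads(conf.read_text(encoding="utf-8"))
        for key in ("username", "password"):
            if resolve(str(config.get(key, "")), props) == SHIPPED_DEFAULT:
                findings.append(f"{key} still resolves to the shipped default")
    return findings


if __name__ == "__main__":
    # Constructed layout: one bundle left behind and the unmodified config file.
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "bundle").mkdir()
        (Path(root) / "conf").mkdir()
        (Path(root) / "bundle" / "openidm-felix-webconsole-7.3.0.jar").touch()
        (Path(root) / "conf" / "felix.webconsole.json").write_text(
            '{"username": "&{openidm.felix.webconsole.username|admin}",'
            ' "password": "&{openidm.felix.webconsole.password|admin}"}')
        for finding in audit(root, root):
            print(finding)
```

An empty list from audit means no console bundle was found and no credential resolved to admin.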