Removed cookies u and p.
https://devethosanalystlibrary.mercatoradvisorygroup.com/…/…/…/…/…/
Now gives an error.
Added –
<pages enableViewStateMac="true" viewStateEncryptionMode="Always" />
Added HttpOnly flag:
• ecm
• EktGUID
• EkAnalytics
Enabled Single Sign-On (SSO). Removed the password reset page (settings.aspx) and removed it from the menu; it is not needed on this site.
Changed the Builtin account password.
https://devethosanalystlibrary.mercatoradvisorygroup.com/WorkArea/activateuser.aspx
Added an additional authentication step before access is granted.
Disabled TLS versions 1.0 and 1.1.
Added <add name="X-Frame-Options" value="sameorigin" />
Removed –
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Added –
https://devethosanalystlibrary.mercatoradvisorygroup.com/error.aspx?aspxerrorpath=/test.aspx
https://devethosanalystlibrary.mercatoradvisorygroup.com/WorkArea/reterror.aspx
Added-
<httpCookies sameSite="None" requireSSL="true" httpOnlyCookies="true" />
Removed the "Error Authenticating User" message; a generic "Invalid username or password" message is given instead.
Removed –
https://devethosanalystlibrary.mercatoradvisorygroup.com/test.aspx
Added a 15-minute session timeout: after 15 minutes of inactivity the user is logged out.
Restricted access to site resources (PDFs) so they cannot be retrieved without authentication.
Added-
<add name="Content-Security-Policy" value="default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' ssl.google-analytics.com; style-src * 'unsafe-inline';" />
Added-
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" />
Added-
X-Content-Type-Options: nosniff
This change is causing issues in the Content tab of the Admin Panel; let us know if it is not critical and we could revert it.
Will discuss with Karen.
Added <add name="X-Frame-Options" value="sameorigin" />
Added Logout Functionality.
Enabled Single Sign-On (SSO). This functionality is not needed on this site.
Disabled web services documentation.
Removed version.xml
Upgraded jQuery to the latest version, 3.6.0.
Upgraded jQuery UI to the latest version, 1.12.1.
Removed cipher suites that were not required.
Implemented.
Added <add name="X-XSS-Protection" value="1; mode=block" />
Enabled Single Sign-On (SSO). This functionality is handled via the Identity Provider's session management.
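The header hardening items above (removed Server, X-AspNet-Version and X-Powered-By; X-Frame-Options; Content-Security-Policy; Strict-Transport-Security; X-Content-Type-Options; X-XSS-Protection; the httpCookies settings) can be verified from an actual response rather than from web.config. The audit below is an added example, not code from the site, Ektron or the vendor. The expected values, the three sample header sets and the Set-Cookie line are constructed; the tightened Content-Security-Policy in the HARDENED sample is a suggestion that would have to be tested against the Admin Panel, not what the site deployed.

```python
"""Audit a set of HTTP response headers against the hardening items above.

Added example, not code from the site, Ektron or the vendor; the sample
header sets and cookie line are constructed for illustration.
"""
import re

# Stack-disclosure headers that the page records as removed.
LEAKY_HEADERS = ("server", "x-aspnet-version", "x-powered-by")
ONE_YEAR = 31536000


def check_hsts(value):
    """Browsers ignore a Strict-Transport-Security value whose first directive
    is not max-age (for example one that accidentally repeats the header name)."""
    first = value.split(";")[0].strip()
    m = re.fullmatch(r"max-age=(\d+)", first)
    if not m:
        return "malformed Strict-Transport-Security value: %r" % value
    if int(m.group(1)) < ONE_YEAR:
        return "Strict-Transport-Security max-age shorter than one year"
    return None


def check_csp(value):
    """A script-src (or default-src fallback) containing '*', 'unsafe-inline' or
    'unsafe-eval' lets any injected script run, so the policy does not mitigate XSS."""
    directives = {}
    for d in value.split(";"):
        parts = d.split()
        if parts:
            directives[parts[0]] = parts[1:]
    sources = directives.get("script-src", directives.get("default-src", []))
    weak = [s for s in sources if s in ("*", "'unsafe-inline'", "'unsafe-eval'")]
    if weak:
        return "Content-Security-Policy script-src allows %s" % " ".join(weak)
    return None


def check_cookie(set_cookie):
    """Every Set-Cookie must carry Secure and HttpOnly (the httpCookies element
    above); SameSite=None is additionally rejected by browsers without Secure."""
    name = set_cookie.split("=", 1)[0]
    flags = {f.strip().lower() for f in set_cookie.split(";")[1:]}
    problems = []
    if "secure" not in flags:
        problems.append("cookie %s lacks Secure" % name)
    if "httponly" not in flags:
        problems.append("cookie %s lacks HttpOnly" % name)
    return problems


def audit_headers(headers, cookies=()):
    """Return a list of findings for a dict of response headers plus an iterable
    of Set-Cookie values; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in LEAKY_HEADERS:
        if name in h:
            findings.append("stack disclosure header present: %s" % name)
    if "strict-transport-security" in h:
        f = check_hsts(h["strict-transport-security"])
        if f:
            findings.append(f)
    else:
        findings.append("missing Strict-Transport-Security")
    if h.get("x-frame-options", "").lower() not in ("deny", "sameorigin"):
        findings.append("missing or weak X-Frame-Options")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if "content-security-policy" in h:
        f = check_csp(h["content-security-policy"])
        if f:
            findings.append(f)
    else:
        findings.append("missing Content-Security-Policy")
    xss = h.get("x-xss-protection")
    if xss is not None and xss.strip() != "0" and not re.fullmatch(r"1;\s*mode=block", xss.strip()):
        findings.append("X-XSS-Protection value %r is not '1; mode=block'" % xss)
    for c in cookies:
        findings.extend(check_cookie(c))
    return findings


# Constructed sample: nothing hardened, stack headers still present.
BEFORE = {"Server": "Microsoft-IIS/7.5", "X-AspNet-Version": "4.0.30319", "X-Powered-By": "ASP.NET"}

# Constructed sample: headers present but with values that silently fail.
MISCONFIGURED = {
    "Strict-Transport-Security": "Strict-Transport-Security max-age=31536000; includeSubDomains; preload",
    "X-Frame-Options": "sameorigin",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' ssl.google-analytics.com; style-src * 'unsafe-inline';",
    "X-XSS-Protection": "1; mode-block",
}

# Constructed sample: a corrected set (the CSP is a suggestion, not the site's).
HARDENED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Frame-Options": "sameorigin",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' ssl.google-analytics.com; img-src 'self' ssl.google-analytics.com; style-src 'self'; frame-ancestors 'self'",
    "X-XSS-Protection": "1; mode=block",
}
HARDENED_COOKIES = ("ASP.NET_SessionId=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(label, audit_headers(sample, HARDENED_COOKIES if label == "hardened" else ()))
```

Paste the headers of a real response (curl -I on the site) into the dict to run the same checks against what is actually served. The two value mistakes it catches, an HSTS value whose first directive is not max-age and an X-XSS-Protection value of "mode-block" instead of "mode=block", are silent: the header is present, so a presence-only scan passes, yet no browser honours it. A policy of default-src * with script-src * 'unsafe-inline' 'unsafe-eval' is likewise flagged because it permits any injected script; the HARDENED policy shows the shape of a tightening, and, like the nosniff change above, it needs to be tested against the Admin Panel before deployment.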
https://devethosanalystlibrary.mercatoradvisorygroup.com/
Removed access to the direct URL to ensure all users enter via the Portal.
Enabled Single Sign-On (SSO). This functionality is not needed on this site.
Enabled Single Sign-On (SSO). This functionality is not needed on this site.
We have configured the following IdP metadata –
https://ethos-idp.fisglobal.com/auth/realms/ethos-uat/protocol/saml/descriptor
SAML attributes required –
Email
FirstName
LastName
Client
The SAML request for client provisioning and user provisioning is the same. A client is created automatically if it is not found.
Client provisioning is done automatically: if the value of the SAML Client attribute is not found in Ektron, a new client is created.
If the FIS team needs access to the Admin Panel, let us know.
We can either disable the Identity Provider redirect on the login page or disable the redirect for their IP address.
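The provisioning rule above (read Email, FirstName, LastName and Client from the assertion; create the client if it is unknown, then create or update the user under it) can be illustrated end to end. The following is an added example, not code from Ektron, FIS or the site: the assertion XML, the in-memory client and user stores and the function names are constructed, and EXPECTED_ISSUER is an assumption that the realm URL (the metadata URL without its /protocol/saml/descriptor suffix) is the assertion issuer. Signature, audience and condition validation of the SAML Response is the SAML library's job and is assumed to have happened before this code runs; it refuses to provision on an unexpected issuer or a missing required attribute rather than creating a client from whatever value arrives.

```python
"""Extract the required SAML attributes from an assertion and apply the
client/user provisioning rule described above.

Added example, not code from Ektron, FIS or the site. The assertion XML,
the client/user stores and the function names are constructed. The SAML
library must already have validated the Response signature, audience and
conditions; no attribute below is trustworthy otherwise.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("Email", "FirstName", "LastName", "Client")
# Assumed: the realm URL (metadata URL minus /protocol/saml/descriptor) is the issuer.
EXPECTED_ISSUER = "https://ethos-idp.fisglobal.com/auth/realms/ethos-uat"

# Constructed sample assertion (signature element omitted; see the docstring).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <saml:Issuer>https://ethos-idp.fisglobal.com/auth/realms/ethos-uat</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>analyst@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Client"><saml:AttributeValue>ExampleBank</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml):
    """Return (issuer, {Name: first AttributeValue}) from an Assertion element."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        if attr.get("Name") and values:
            attrs[attr.get("Name")] = values[0]  # the four attributes are single-valued
    return issuer, attrs


def missing_required(attrs):
    """Names from REQUIRED that are absent or empty in the attribute dict."""
    return [n for n in REQUIRED if not attrs.get(n)]


def provision(issuer, attrs, clients, users):
    """Create the client if unknown, then create or update the user under it.

    clients maps client name -> set of member e-mail addresses; users maps
    e-mail -> profile. Returns (client_created, user_created). Raises on an
    unexpected issuer or a missing attribute instead of provisioning anything.
    """
    if issuer != EXPECTED_ISSUER:
        raise ValueError("assertion issuer %r is not the configured IdP" % issuer)
    missing = missing_required(attrs)
    if missing:
        raise ValueError("assertion lacks required attribute(s): " + ", ".join(missing))
    client = attrs["Client"]
    client_created = client not in clients
    if client_created:
        clients[client] = set()
    email = attrs["Email"].lower()
    user_created = email not in users
    users[email] = {"first": attrs["FirstName"], "last": attrs["LastName"], "client": client}
    clients[client].add(email)
    return client_created, user_created


if __name__ == "__main__":
    issuer, attrs = extract_attributes(SAMPLE_ASSERTION)
    clients, users = {}, {}
    print(provision(issuer, attrs, clients, users))  # first login creates both
    print(provision(issuer, attrs, clients, users))  # repeat login creates nothing
```

Because a new client is created from the bare Client attribute value, the issuer check and the required-attribute check are the only things standing between an assertion from the wrong source and a new tenant on the site; keep both ahead of any write, and treat the attribute names as exact (a mapper that emits "email" instead of "Email" is reported as a missing attribute rather than silently provisioning a user without one).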
https://devethosanalystlibrary.mercatoradvisorygroup.com/login.aspx