2.8.2.1 Access Compliance Studio Application when Gateway is Enabled
This section describes how to access the Compliance Studio application when Gateway is enabled.
The Compliance Studio Gateway serves as the central routing point for
accessing the UI, ensuring a consistent origin for the Compliance Studio UIs. The
introduction of the gateway addresses the security risks and inconsistencies by
centralizing access and enhancing security.
This implementation, achieved via Spring Cloud Gateway, consolidates
all UI access through a single port. By doing so, the gateway enforces security headers
to mitigate clickjacking vulnerabilities. Specifically, it sets the Content Security
Policy (CSP) with the frame-ancestors 'self' directive, ensuring that the UI can only be
embedded within the same origin.
By default, COMPLIANCE_STUDIO_GATEWAY_ENABLED is set to true
and COMPLIANCE_STUDIO_GATEWAY_PORT is 7071 in the
<COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin/install.sh
directory.
Note:
Make sure that COMPLIANCE_STUDIO_GATEWAY_PORT and Datastudio default port should be opened in the firewall.The Compliance Studio URL when gateway is enabled should be
https://<Hostname>:<COMPLIANCE_STUDIO_GATEWAY_PORT>/cs/home.
Configure SAML Authentication
Note:
This section is applicable only when AUTH_REALM is SAML.To configure the SAML Authentication: