STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide

V-256754

CAT II (Medium)

The Security Token Service must not be configured with unused realms.

Rule ID

SV-256754r889232_rule

STIG

VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000381

Discussion

The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure the Security Token Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed.

Check Content

At the command prompt, run the following command: 
 
# grep UserDatabaseRealm /usr/lib/vmware-sso/vmware-sts/conf/server.xml 
 
If the command produces any output, this is a finding.

Fix Text

Navigate to and open: 
 
/usr/lib/vmware-sso/vmware-sts/conf/server.xml 
 
Remove the <Realm> node returned in the check. 
 
Restart the service with the following command: 
 
# vmon-cli --restart sts