Cannot Save Environment Security Settings for Lifetime Environment as Platform Admin
Platform Version
11.12.0 (Build 29969)

Hello, I wonder if anyone can help.

My objective: To enforce HTTPS for Lifetime in our Outsystems environment.

We have an Outsystems Cloud installation.  As an administrator I have managed to change 'Environment Security' settings (for example, Force HTTP.... etc) in each normal environment (dev, test, prod), but I cannot see a way of doing this for Lifetime itself.  If I go into Service Center on the Lifetime environment, I get to the Administration / Security, and the checkboxes are there, but the 'Save' button is disabled (ie. navigate to <lifetime request domain>/ServiceCenter/Environment_Security.aspx as platform administrator).

Do I need to grant myself some special permission to enable my admin IT user to change these settings for the Lifetime environment? 

Many Thanks :-)

Hi Ian,

If you open the individual environment's service center,  you might have noticed a warning message "Environment Security is managed in LifeTime."


This means you need to go to the Management console and not the ServiceCenter. From your LifeTime, under environments section - you'll see all the security settings.

Regards,

Swatantra


Each of the environment section shows a summary like this underneath. Click on the "More Security Settings".

You may also navigate to it directly using https://<company-name>.outsystemsenterprise.com/lifetime/Environment_Security.aspx?EnvironmentId=1

Change the company name and the environment id accordingly.

Regards,

Swatantra

Hi Swatantra,

Thanks for the reply.

Yes, that works for normal environments like dev, test, prod etc.  But the security settings I'm referring to are actually for the lifetime environment.  The lifetime environment is not listed inside lifetime unfortunately.  It's an odd one. 

Regards

Ian


You don't see the Security Settings because the LifeTime is just a platform/environment management console, and it doesn't serve the web/mobile applications. The security settings, or the CSPs are for the applications, which can be set at environment level or at the application level. 

I would ask you to have a look at  https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Enforce_HTTPS_Security, page says "Applies only to Traditional Web Apps"

Also, https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Apply_Content_Security_Policy talks about web apps and mobile apps.



The problem I am having is that I cannot find a way of enforcing HTTPS for Lifetime itself.  So at the moment I can connect to Lifetime via HTTPS.  Not good.

Although Lifetime is a management console it still runs in an environment, and this environment is separate from the application environments.  I'm fine with the security settings for normal environments as listed in Lifetime, and I've happily been able to enforce HTTPS for each of these.

Note that Lifetime is just an application running in a 'special' management environment.  You can prove this by connecting to it in Service Studio, and yes, you can even create applications in it, if so desired (though probably not normally recommended).

We have the same issue. I've turned on the flags inside lifetime that upgrade http to https for screens, however you can access our Lifetime instance via http and I can't see anywhere that we can enforce https on Lifetime itself. 


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.