Recommendations

**1 – It is recommended to keep your application up to date with the latest JRE and JDK to stay away from security vulnerabilities. JRE and JDK upgrades are not in the scope of WAM deployment and must be borne by the Application administrator.

Following are the reference links:

• https://www.oracle.com/security-alerts/javacpufeb2012.html
• https://openjdk.java.net/groups/vulnerability/advisories/

**2 – Logically, we support this WAM deployment on any flavour of the application server. This setup is currently tested on the Tomcat Application server only. WAM Deployment is not supported for outdated and unsupported application servers.

**3 - The application server installation is not in the scope of WAM deployment. The installation and maintenance are borne by the customer.

**4 – The WAM is not supported in an architecture where multiple applications are installed on a single Application Server. Because ciwam.properties is common in this Approach and might affect all applications. We recommend one application on one Application server.

**5 – CI must be accessible from the Server from where the application is deployed and the WAM deployment team/customer must have access to the application server and also must verify whether the protected application is hosted.

**6 – In the case of an IIS server that is running in classic mode:

Add the following code in the web.config file of the application, to register the WAM module.

**7 – The WAM-enabled application must have written permission to the C:\Cross folder for creating logs and reading the configuration.

**8 – We highly recommend configuring SSL at Cross Identity and at the Protected application side for the Live/Production environment to avoid any security risks.

**9  – Troubleshooting steps of WAM for .Net based application: 

1. Validate the configuration file. In addition, verify whether the parameter and value are correct.
2. Validate the name of the WAM module in the IISServer Application Configuration.
3. In case, if either URLs or images are not loading then enable logs by creating a registry as follows:
   Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cross\Logging registry key. 
4. Create z string value as wam and set the value as True.
5. Verify whether the log file ciwamlogs.txt is either created or is available in the <<location>>.
6. In case, if any URL or file extension prevents the loading of the application page, then identify the URL or the file extension. Then, add a skip element or skip URL in the configuration file.
7. For the file extension, add the required skipelements=.js,.css,.png,.ico,ac.do?,services,.gif,.jpg extension in the configuration file.
8. Similarly, if any URL issue occurs then add skipurl=http://xyz.com,http://asf.com in the configuration file.
9. In case logs are not getting generated, ensure to verify the write permission on the <<location>> folder.