PAS does not start after enabling AJP13

PAS does not start after enabling AJP13
Cannot start pas if the AJP connector is enabled:

ERROR [main] o.a.c.u.LifecycleBase - Failed to start component [Connector[AJP/1.3-8863]]
org.apache.catalina.LifecycleException: Protocol handler start failed

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.

Apache Tomcat fixed a vulnerability related to AJP Connector and that fix is available in the Tomcats we ship since OpenEdge 11.7.6, 12.2.3 , 12.3

When the PASOE instance is started with the AJP13 feature enabled (tcman feature AJP13=on) , it fails to start properly because AJP13 protocol is configured by default with: secretRequired="true" 

The secret option is supported since Apache Module mod_proxy_ajp 2.4.42, 2.5

In a test environment:

When enabling the AJP13 connector, update the server.xml with: secretRequired="false"

#  /conf/server.xml

<!-- feature:begin:AJP13:on -->
    <Connector executor="tomcatThreadPool"
               address="${psc.as.ajp13.address}"
               port="${psc.as.ajp13.port}"
               protocol="AJP/1.3"
               asyncTimeout="${psc.as.msg.timeout}"
               maxPostSize="${psc.as.msg.maxpostsize}"
               acceptCount="${psc.as.http.maxqueuesize}"
               maxConnections="${psc.as.http.maxconnections}"
               tomcatAuthentication="${psc.as.ajp13.tomcatauth}"
               redirectPort="${psc.as.https.port}"
               URIEncoding="${psc.as.http.uriencoding}"
               secretRequired="false" />
    <!-- feature:end:AJP13:on -->
feature:end:AJP13:on -->

#  /conf/Catalina.properties

# AJP13 user tomcat auth versus parent server
    psc.as.ajp13.tomcatauth=false

# AJP13 IP address AJPConnector listens on
# To receive connections from anywhere when PAS and LB on different machines
psc.as.ajp13.address=::   
# To receive connections from a specific server
psc.as.ajp13.address=[private IP of Server]
psc.as.ajp13.port=50000

Considerations in production:
          
0. If the reverse proxy and Tomcat are on the same box:
Use the loopback address if all the users that can access this box are trusted.
They can issue requests directly to the AJP13 port once logged on to the machine:
If the reverse proxy and Tomcat are on different boxes:
1. Protect AJP with a secret for the reverse proxy workers and the AJP connector
This requires using either mod_jk or a version of httpd that supports the secret parameter:
2. Disable AJP altogether in Tomcat, and instead use HTTP or HTTPS for incoming proxy connections by configuring an Apache server to work as a reverse proxy and use the HTTP connector in Tomcat 

Currently (as of 09-Feb-2021) the following enhancement request is open, suggesting that the secretRequired parameter for AJP13 be included by default in conf/server.xml.  Voting from more Customers indicating the importance of this Idea will determine it's priority for inclusionL

References to Other Documentation:

Apache Module mod_proxy_ajp

•  https://httpd.apache.org/docs/trunk/mod/mod_proxy_ajp.html

Apache Tomcat Configuration Reference

•  https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html
•  https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html