Web GUI Access with the Admin Security License
The Oracle® Enterprise Session Border Controller (E-SBC) supports installing the Admin Security License from the Web GUI. You may find this method more convenient than using the ACLI. When you install the Admin Security License, the system provides additional configuration parameters and behavioral controls to enhance security. To support the Admin Security License, the system requires certificates and an HTTPS connection.
Additional Security Configuration Parameters
With the Admin Security License installed, the Web GUI displays the login-config page and adds parameters to the password-policy page.
The login-config page provides the configuration parameters shown in the following illustration.
Note:
The system supports single-factor and two-factor authentication for Login auth method.
The password-policy page displays the advanced configuration parameters listed below Min secure pwd len in the following illustration.
Enhanced Security Requirements
HTTPS—The system requires an HTTPS connection to access the Web GUI. Oracle recommends that you configure HTTPS on the Web server before installing the Admin Security License. If the Web server is configured for HTTP when you install the Admin Security License, the system displays an error message when you attempt to Save. Note that after the Admin Security License is installed, the system does not allow changing HTTPS to HTTP.
Certificates—The system requires you to configure localCert and localCertCA on the E-SBC in order to gain access to the Web GUI with HTTPS. Oracle recommends configuring the certificates and a TLS profile before installing the Admin Security License. For instructions, see "Configuring TLS on the Web Server" in the ACLI Configuration Guide.
Enhanced Security Behavior
Concurrent Sessions Limit—In login-config, you can specify the maximum number of concurrent sessions allowed. When the limit is reached, the system allows no more logins until the number of active sessions falls below the maximum.
Login History Confirmation—With the Admin Security License installed, and the login banner enabled, the system displays the previous login history. The user must acknowledge the login history. Yes allows the login attempt to proceed and No ends the session. The following illustration shows an example of the information provided.
- When you enable the login banner, the system displays the notification in the Confirm banner.
- When you do not enable the login banner, the system displays the notification in the Password banner upon a login attempt.
Note:
The Web GUI does not support changing a user password. Use the #secret enable command from the ACLI.
- The local Admin and User can log in by way of the E-SBC console, the Web GUI, SSH, or SFTP, and the system performs the local user authentication process.
- The local Admin and User can log in only by way of the ACLI on the E-SBC when RADIUS is enabled (no Web GUI, SSH, or SFTP login). You must configure the corresponding authentication type on the Session Director.
- RADIUS users can use their corresponding RADIUS user name to log in to the Web GUI, and the system performs the secure user authentication process. The system displays the same login banner that local users see.
Two-Factor Authentication. When enabled, the system prompts the user for a passcode in addition to the User Name and Password. Change the default passcode upon the first login attempt. The length and strength requirements that apply to passwords also apply to passcodes. Other policy mandates such as history, re-use, and expiration do not apply to the passcode.
License Installation
From the Web GUI, install the Admin Security License by way of the Set License wizard on the Configuration tab.
The Set License wizard launches the Set License dialog, where you enter the license serial number.
Note:
The system deactivates the Set Initial Configuration wizard in the current session, so that you cannot accidentally erase the existing configuration.