Web GUI Access with the Admin Security License

The Oracle® Enterprise Session Border Controller (E-SBC) supports installing the Admin Security License from the Web GUI. You may find this method more convenient than using the ACLI. When you install the Admin Security License, the system provides additional configuration parameters and behavioral controls to enhance security. To support the Admin Security License, the system requires certificates and an HTTPS connection.

Additional Security Configuration Parameters

With the Admin Security License installed, the Web GUI displays the login-config page and adds parameters to the password-policy page.

The login-config page provides the configuration parameters shown in the following illustration.

This image is a screen capture of the parameters in login config, including the drop down list for choosing either single factor or two factor authentication.

Note:

The system supports single-factor and two-factor authentication for the Login auth method.

The password-policy page displays the advanced configuration parameters listed below Min secure pwd len in the following illustration.

This image is a screen capture of the parameters that you can set in the password policy configuration.

Enhanced Security Requirements

HTTPS—The system requires an HTTPS connection to access the Web GUI. Oracle recommends that you configure HTTPS on the Web server before installing the Admin Security License. If the Web server is configured for HTTP when you install the Admin Security License, the system displays an error message when you attempt to Save. Note that after the Admin Security License is installed, the system does not allow changing HTTPS to HTTP.

Certificates—The system requires you to configure localCert and localCertCA on the E-SBC in order to gain access to the Web GUI with HTTPS. Oracle recommends configuring the certificates and a TLS profile before installing the Admin Security License. For instructions, see "Configuring TLS on the Web Server" in the ACLI Configuration Guide.

Enhanced Security Behavior

Concurrent Sessions Limit—In login-config, you can specify the maximum number of concurrent sessions allowed. When the limit is reached, the system allows no more logins until the number of active sessions falls below the maximum.

Login History Confirmation—With the Admin Security License installed, and the login banner enabled, the system displays the previous login history. The user must acknowledge the login history. Yes allows the login attempt to proceed and No ends the session. The following illustration shows an example of the information provided.

This image is a screen capture example of login information from a previous login, and the yes and no buttons you use to accept or reject acknowledgement.

Password Expiry Notification—You can configure password-policy to notify the user up to 90 days in advance of password expiry. The system provides the notification in the following ways.
  • When you enable the login banner, the system displays the notification in the Confirm banner.

    This image is a screen capture of the password expiry notification when the login banner is enabled. Shows previous login history and password expiry notification.

  • When you do not enable the login banner, the system displays the notification in the Password banner upon a login attempt.

    This image is a screen capture of the password expiry notification when the login banner is not enabled. Shows only the password expiry notification. Does not show previous login history.

Note:

The Web GUI does not support changing a user password. Use the #secret enable command from the ACLI.

Remote Authentication. In the Authentication configuration object, you can select RADIUS or TACACS for remote authentication. The system behaves as follows:
  • The local Admin and User can log in by way of the E-SBC console, the Web GUI, SSH, or SFTP, and the system performs the local user authentication process.
  • The local Admin and User can log in only by way of the ACLI on the E-SBC when RADIUS is enabled (no Web GUI, SSH, or SFTP login). You must configure the corresponding authentication type on the Session Director.
  • RADIUS users can use their corresponding RADIUS user name to log in to the Web GUI, and the system performs the secure user authentication process. The system displays the same login banner that local users see.

Two-Factor Authentication. When enabled, the system prompts the user for a passcode in addition to the User Name and Password. Change the default passcode upon the first login attempt. The length and strength requirements that apply to passwords also apply to passcodes. Other policy mandates such as history, re-use, and expiration do not apply to the passcode.

License Installation

From the Web GUI, install the Admin Security License by way of the Set License wizard on the Configuration tab.

This image is a screen capture of the Wizards menu with the set license item selected.

The Set License wizard launches the Set License dialog, where you enter the license serial number.

This image is a screen capture of the dialog that displays when you click Set License on the Wizards menu.

When you click Complete, the system completes the installation. You do not need to Save and Activate or re-run the Set Initial Configuration wizard.

Note:

The system deactivates the Set Initial Configuration wizard in the current session, so that you cannot accidentally erase the existing configuration.

For license installation instructions, see "Set License" in the Web GUI User Guide and the online Help.