Web Console Configuration
The ESF Web Console exposes a set of configuration parameters that can be used to increase the overall UI security.
The ESF Web Console configuration can be accessed in the Security section.
Web Server Entry Point
This parameter allows to configure the relative path that the user will be redirected to when accessing http(s)://gateway-ip/. Note: this parameter does not change the ESF Web UI relative path, that is always /admin/console.
The default value set is /admin/console
Session max inactivity interval
The session max inactivity interval in minutes. If no interaction with the Web UI is performed for the value of this parameter in minutes, a new login will be requested.
The default value set is 15 minutes
Access Banner Enabled
For security reasons, it may be needed to display to the user a banner that describes the intended system use before authenticating.
Once enabled and configured, the ESF Web UI will display a banner before every access attempt, as depicted in the image below.
Password Management
This section is related to the definition of required parameters that must be respected when defining a new password, for example when a user changes its password at first access.
Minimum password length
The minimum length to be enforced for new passwords. Set to 0 to disable.
The default value set is 8 characters
Require digits in new password
If set to true, new passwords will be accepted only if containing at least one digit.
The default value is false
Require special characters in new password
If set to true, new passwords will be accepted only if containing at least one non alphanumeric character
The default value is false
Require uppercase and lowercase characters in new passwords
If set to true, new passwords will be accepted only if containing both uppercase and lowercase alphanumeric characters.
The default value is false
Allowed ports
If set to a non empty list, Web Console access will be allowed only on the specified ports. If set to an empty list, access will be allowed on all ports. It is needed for the end user to make sure that the allowed ports are open in HttpService and Firewall configuration.
Authentication Method "Password" Enabled
Defines whether the "Password" authentication method is enabled or not.
The default value is true
Authentication Method "Certificate" Enabled
Defines whether the "Certificate" authentication method is enabled or not
The default value is true
SslManagerService Target Filter
It is possible to specify the SslManagerService containing the certificates truststore required to establish a new https connection, this is needed, for example, for fetching package descriptions from Eclipse Marketplace.
The default target is the org.eclipse.kura.ssl.SslManagerService
Updated about 1 year ago