Differences

documentation:latest:security [2019/07/02 22:40]
cmaudoux [Configure security settings]
documentation:latest:security [2019/09/10 15:04] (current)
cmaudoux [Configure security settings]
Line 157: Line 157:
 Go in Manager, ''​General parameters''​ » ''​Advanced parameters''​ » ''​Security'':​ Go in Manager, ''​General parameters''​ » ''​Advanced parameters''​ » ''​Security'':​
   * **Username control**: Regular expression used to check user login syntax.   * **Username control**: Regular expression used to check user login syntax.
 +  * **Avoid browsers to store users password**: Enable this option to prevent browsers from prompting users to save passwords.
   * **Force authentication**:​ set to '​On'​ to force authentication when user connects to portal, even if he has a valid session.   * **Force authentication**:​ set to '​On'​ to force authentication when user connects to portal, even if he has a valid session.
   * **Force authentication interval**: time interval (in seconds) when an authentication renewal cannot be forced, used to prevent to loose the current authentication during the main process. If you experience slow network performances,​ you can increase this value.   * **Force authentication interval**: time interval (in seconds) when an authentication renewal cannot be forced, used to prevent to loose the current authentication during the main process. If you experience slow network performances,​ you can increase this value.
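Review bot: the new bullet "Avoid browsers to store users password" is ungrammatical and does not say what the option actually changes on the login page; suggest "Prevent browsers from storing user passwords: enable this option to stop browsers from offering to save the portal password", and name the form attribute or header the portal emits when it is on, so an administrator can confirm the setting in the rendered login form. While in this hunk, the unchanged "Force authentication interval" line reads "prevent to loose the current authentication" and "slow network performances"; "prevent losing the current authentication" and "slow network performance" would be correct.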
Line 169: Line 170:
   * **Form timeout**: Form token timeout (default to 120 seconds)   * **Form timeout**: Form token timeout (default to 120 seconds)
   * **Use global storage**: Local cache is used by default for one time tokens. To use global storage, set it to '​On'​   * **Use global storage**: Local cache is used by default for one time tokens. To use global storage, set it to '​On'​
-  * **LWP::​UserAgent and SSL options**: insert here options to pass to LWP::​UserAgent object (used by SAML or OpenID-Connect to query partners). Example: ''​verify_hostname => 0'',​ ''​SSL_verify_mode => 0''​+  * **LWP::​UserAgent and SSL options**: insert here options to pass to LWP::​UserAgent object (used by SAML or OpenID-Connect to query partners ​and AuthSSL or AuthBasic handler to request Portal URL). Example: ''​verify_hostname => 0'',​ ''​SSL_verify_mode => 0''​
   * **Content Security Policy**: ​ Portal builds dynamically this header. You can modify default values. Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn'​t block the redirects whereas Chrome does). Administrators may have to modify ''​formAction''​ value with wildcard likes *.   * **Content Security Policy**: ​ Portal builds dynamically this header. You can modify default values. Browser implementations of formAction directive are inconsistent (e.g. Firefox doesn'​t block the redirects whereas Chrome does). Administrators may have to modify ''​formAction''​ value with wildcard likes *.
   * **Cross-Origin Resource Sharing**: ​ Portal builds those headers. You can modify default values. Administrators may have to modify ''​Access-Control-Allow-Origin''​ value with ' '.   * **Cross-Origin Resource Sharing**: ​ Portal builds those headers. You can modify default values. Administrators may have to modify ''​Access-Control-Allow-Origin''​ value with ' '.
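Review bot: the added clause widens the scope of these LWP::UserAgent options to the AuthSSL and AuthBasic handlers' requests to the Portal URL, yet the example still shows ''verify_hostname => 0'', ''SSL_verify_mode => 0'', which disable TLS hostname and certificate checks for every request the option now covers, including the portal's own authentication round trip. The line should say plainly that these values turn off certificate verification and belong in test setups only, and that a production deployment should instead give LWP::UserAgent the partner or portal CA certificate (IO::Socket::SSL's SSL_ca_file, accepted through ssl_opts) rather than disabling the checks. Minor: "AuthSSL or AuthBasic handler" should read "the AuthSSL and AuthBasic handlers".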
Line 179: Line 180:
 <note warning>​Enable global storage for one time tokens will downgrade Portal performance!!! <note warning>​Enable global storage for one time tokens will downgrade Portal performance!!!
  
-Must be use ONLY with outdated or low performance Load Balancer.</​note>​+Must ONLY be use with outdated or low performance Load Balancer.</​note>​
 ===== Fail2ban ===== ===== Fail2ban =====
 To prevent brute force attack with fail2ban To prevent brute force attack with fail2ban
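Review bot: moving ONLY does not fix the grammar of the warning: "Must ONLY be use with outdated or low performance Load Balancer" should read "Must ONLY be used with an outdated or low-performance load balancer", and "downgrade Portal performance" reads better as "degrade Portal performance". The note would also help readers more if it said why global storage is slower (one-time token lookups go to the shared backend instead of the local cache described in the "Use global storage" bullet), so the trade-off is understood rather than just shouted.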