
Http authentication – Amer Networks E5Web GUI User Manual

Page 538


7. If a timeout restriction is specified in the authentication rule then the authenticated user will
be automatically logged out after that length of time without activity.

Any packets from an IP address that fails authentication are discarded.

8.2.7. HTTP Authentication

Where users are communicating through a web browser using the HTTP or HTTPS protocol,
authentication is done by cOS Core presenting the user with HTML pages to retrieve the required
user information. This is sometimes referred to as WebAuth, and the setup requires further
considerations.

The Management Web Interface Port Must Be Changed

HTTP authentication will collide with the Web Interface's remote management service which also
uses TCP port 80 by default. To avoid this problem, the Web Interface port number must be
changed before configuring authentication.

Do this by going to Remote Management > Advanced settings in the Web Interface and
changing the setting WebUI HTTP Port. Port number 81 could be used instead for this setting.

The same is true for HTTPS authentication and the default HTTPS management port number of
443 must also be changed.

HTTP and HTTPS Agent Options

For HTTP and HTTPS authentication there is a set of options in an authentication rule called
Agent Options. These are:

Login Type - This can be one of:

i. HTML form - The user is presented with an HTML page for authentication which is filled
in and the data sent back to cOS Core with a POST. A predefined HTML file in cOS Core
will be used but this can be customized as described below in Section 8.4, “Customizing
Authentication HTML Pages”.

ii. BASIC authentication - This sends a 401 - Authentication Required message back to
the browser which will cause it to use its own inbuilt dialog to ask the user for a
username/password combination. A Realm String can optionally be specified which will
appear in the browser's dialog.

HTML form is recommended over BASICAUTH because, in some cases, the browser
might hold the login data in its cache.

iii. MAC authentication - Authentication is performed for HTTP and HTTPS clients without a
login screen. Instead, the MAC address of the connecting client is used as the username.
The password is the MAC address or a specified string.

MAC authentication is explained further in Section 8.3, “ARP Authentication”.

If the Agent is set to HTTPS then the Host Certificate and Root Certificate(s) have to be
chosen from a list of certificates already loaded into cOS Core. Certificate chaining is
supported for the root certificate.
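
The exchange behind the BASIC login type, as an added example (generic HTTP Basic authentication, not cOS Core code and not from the manual): the 401 challenge carrying a realm string, and the `Authorization` header the browser returns and then replays from its cache on later requests. The account in `USERS` and all function names are constructed for illustration.

```python
import base64
import hmac

# Constructed sample account for the example; not from the manual.
USERS = {"alice": "correct horse"}

def challenge(realm):
    """Build the 401 response that makes the browser show its own login dialog."""
    safe = realm.replace("\\", "\\\\").replace('"', '\\"')  # quoted-string escaping
    return (
        "HTTP/1.1 401 Unauthorized\r\n"
        f'WWW-Authenticate: Basic realm="{safe}", charset="UTF-8"\r\n'
        "Content-Length: 0\r\n\r\n"
    )

def browser_header(user, password):
    """Header value the browser sends, and re-sends from its cache, per request.
    The credentials are only base64 encoded, not encrypted."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header_value):
    """Return (username, password) from an Authorization value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # split at the first colon only
    return (user, password) if sep else None

def is_authenticated(header_value):
    """Check the header against USERS with a constant-time comparison."""
    creds = parse_basic(header_value or "")
    if creds is None:
        return False
    user, password = creds
    expected = USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(password.encode(), expected.encode())

if __name__ == "__main__":
    print(challenge("Guest network"))
    cached = browser_header("alice", "correct horse")
    print(cached, "->", parse_basic(cached), is_authenticated(cached))
```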

IP Rules are Needed

Chapter 8: User Authentication
