Security

Use this property page to configure the security options associated with the GroupWise^® Monitor Application.

Timeout
When a user logs in to GroupWise Monitor through a Web browser, the Monitor Application opens a session with the user. This option lets you specify a period of time after which the Monitor Application closes a session that has become inactive. A session becomes inactive when the user does not perform any actions that generate calls to the Monitor Application. Having a timeout period not only provides greater security but also ensures that GroupWise Monitor runs efficiently.

Timeout for Inactive Sessions
Select how long the Monitor Application should wait before ending an inactive session. If the user attempts to perform an action after the session has timed out, he or she is prompted to log in again.

Path for Inactive Sessions
Browse for and select the folder where you want the Monitor Application to save information about inactive sessions. This allows the Monitor Application to return the user to the exact state he or she was in when the session timed out. Inactive sessions are automatically deleted after a period of time.

The default path is to the users directory, located in the Monitor Application's home directory (by default, /opt/novell/groupwise/agents/gwmonitor/users on the root of the Web server).

Securing Sessions
The following options let you determine how you want to secure sessions. If desired, both options can be used.

Use Client IP in Securing Sessions
Select this option if you want the Monitor Application to bind the client IP address to the session. For that session, the Monitor Application accepts requests only from the bound IP address. If you are using a proxy server that masks the client IP address, you should use the Use Cookies option instead.

User Interface/Use Cookies/Disable Caching
You can increase security by using session cookies and disabling caching of Monitor information. Session cookies and caching are configurable on a per-user interface (template basis). For example, you could use session cookies and disable caching for the Standard HTML interface and not use session cookies or disable caching for the Wireless Markup Language interface.

Use Cookies
Select this option if you want the Monitor Application to use a session cookie to secure the user's session. The session cookie, which is created when the user opens the session, ties the session to the browser and ensures that the Monitor Application accepts session requests from that browser only. The session cookie is held in memory and exists only as long as the user is logged in.

By default, session cookies are enabled for all interfaces, with the exception of the Web Clippings interface, which does not support session cookies.

Disable Caching
This option affects both Web browser caching and proxy server caching. Because the Monitor Application sends sensitive information, caching of files by Web browsers and proxy servers can pose an information security risk.

If you select the Disable Caching option, the Monitor Application includes a "disable caching" request in the header of each file that it sends. By default, Web browsers honor this request and do not cache files that include the request. Proxy servers, on the other hand, might or might not honor the request, depending on how they are configured. If the proxy server honors the request, the file is not cached; if it does not honor the request, the file is cached, regardless of this setting.

Single Sign-On
The Monitor Application supports authentication to the GroupWise agents' Web consoles using Base64 authentication header credentials generated by a trusted server (for example, a Novell^® iChain^® Authentication Server). The authentication header must contain the HTTP username and password required to log in to the agents' Web consoles.

For example, if you set the HTTP username and password for all GroupWise agents to username "Admin" and password "Novell," any users who log in to the trusted server with those credentials are not prompted to reauthenticate when accessing the GroupWise agent Web consoles.

For the Monitor Agent, the HTTP username and password are defined in the Monitor Agent console's HTTP Configuration dialog box (Configuration menu > HTTP). For the MTA and POA, the HTTP username and password are defined in Novell eDirectory^TM on the object's GroupWise tab > Agent Settings page. For the Internet Agent and WebAccess Agent, the HTTP username and password are defined on the object's GroupWise tab > Optional Gateway Settings page.

To specify a trusted server whose authentication header credentials are accepted by the Monitor Application, click Add to display the Add Trusted Server Information dialog box, then enter the server's IP address or DNS hostname. For more information about the fields in the Add Trusted Server Information dialog box, click the dialog box's Help button.

A trademark symbol (^®, ^TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For more information, see Legal Notices.