In the Security section of the System Settings in XpoLog Manager, you can configure the following security settings:
- Activate security – By default, security is not activated in XpoLog, and you are not required to log in with a username and password. You can activate XpoLog’s security mechanism by selecting this option, so that you are redirected to XpoLog’s login page, and will be required to enter a username and password (default: admin, admin) in order to access XpoLog. In addition, a new Security item will be added to the XpoLog Manager menu.
Note: by default XpoLog comes with a 30 minutes session timeout, I.E. after login, if there's no activity for 30 minutes then the session will be terminated and the user will be redirected to login again.
To change it go to the INSTALLATION_DIRECTORY/ServletContainer/conf/ and edit the file web.xml - look for:
<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly -->
<!-- created sessions by modifying the value below. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
You may change the value of <session-timeout>30</session-timeout> to any other number in minutes. Requires a service restart after saving the change.
- Login URL – the URL to which users will are redirected for login.
The Security tab also provides several different predefined authentication types:
- XpoLog Realm – Usernames and passwords are managed internally by XpoLog. Any user that logs in can change their username and password in User General Settings in the Security menu.
- Active Directory / LDAP
- Siteminder
- WebSeal
- Remote User
Note: In case your company uses a different authentication type, contact our
Support team for additional information for further assistance.
To configure security settings:
- In the System Settings console, open the Security tab.
- Select the Activate Security checkbox to require login to XpoLog with a username and password.
- In Session time out, select the number of minutes of inactivity before XpoLog closes. Default: 30 minutes
- In Login URL, if your organization has an external mechanism that it wants to use for validating login, type the URL; otherwise, leave the default URL.
- Under Authentication, in the Available Types list, select a type, and then click Add.
The selected type appears in the Selected Types list. For LDAP, SiteMinder, and WebSeal, click the configuration link to the right of Selected Types, and complete the settings page that appears.
For details on AD/LDAP authentication configuration, see Active Directory / LDAP Integration.
For details on SiteMinder authentication configuration, see Use single sign-on (SSO) with XpoLog.
Notes: - You can remove a type from the Selected Types list by selecting it and clicking Remove.
- In case there is more than one type of security authentication type the top selected type in the Selected Items list will be the primary authentication type.
- Click Save.
The Security settings are saved.
If you activated security (in step 2), the login page appears, requiring you to enter username and password. Once you log in, a Security tab appears in the menu.