Provide Authentication and Authorization to the Load Balancer REST API

Idea ID 2774856

Provide Authentication and Authorization to the Load Balancer REST API

The REST API interface to the introduced in the Load Balancer Connector, v1.4.x release provides the means to update the configuration on the fly via the API.  That being said, there isn't currently any authentication and authorization to that REST API to protect unwanted queries or changes. 

The ideal solution would be for the LB to provide mixed mode configuration including, TLS, internal user/password, 2FA and RBAC functionality.  This would allow for the interface to be properly secured and provide the ability to have separation of duties.  Optimally, all provisioning could be centrally managed and performed from within ArcMC to streamline and standardize configurations across multiple LB connectors pairs.

2 Comments
Visitor..
Visitor..

Keith,

Thank you very much for opening this idea request.   This is a security loophole in the product component.   Any network connected user in the environment can mess up the whole configuration any time.   Authentication/Authorization feature has to be enabled for load balancer.   Control can also be implemented to limit the API usage from within the hosting server and limit it to 'root' or 'arcsight' user.  

Regards,

 

Shaji

Micro Focus Contributor
Micro Focus Contributor
Status changed to: Under Consideration

We will consider this enhancement for our November release schedule.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.