Layer 7 Access Management


Broadcom AA Admin Portal Share Key Minimum Length Restriction for Security

  • 1.  Broadcom AA Admin Portal Share Key Minimum Length Restriction for Security

    Posted 09-03-2019 11:02 AM
    Edited by Steven Wong 09-17-2019 10:44 AM
    Dear SMEs, 

    To configure a RADIUS client in CA AA, the Admin portal needs to be configured with a Shared Key. Currently, the minimum length of this Shared Key is 1 while the maximum length is 1024, as per the Broadcom AA documentation. However, our customer wants the minimum length to be 8 characters, as per their security policy. The customer requires the AA product to perform a minimum length validation that does not allow configuring a Shared Key shorter than 8 digits in length.

     

    Can we make the minimum length configurable and have the Broadcom AA admin portal reject the RADIUS client configuration if the minimum length check fails? Would it also be feasible to have the Shared Key MASKED so that it cannot be read by other users?

    Please advise and thanks.


    Regards,
     Steven



  • 2.  RE: Broadcom AA Admin Portal Share Key Minimum Length Restriction for Security

    Posted 21 days ago
    Hi Steven,

    Thanks for bringing this to our attention. This issue will be better handled through a support case, and I am not sure if you have already done so. This seems to fall under enhancing the Admin console for this feature request; I will let the Product Management team know about this as well.
    Apologies that we could not respond earlier, but did you make any progress on this implementation, or are you awaiting a response?

    -Namish


  • 3.  RE: Broadcom AA Admin Portal Share Key Minimum Length Restriction for Security

    Posted 21 days ago

    Hi Namish,

     

    We had actually already raised Support Case #: 20058388 before creating a request in the communities. We have not been able to make any progress on this in the implementation, as the function is still absent in AA. Thanks.

     

     

    Regards,

    Steven

     

    Steven Wong

    Sr Project Manager  |  Enterprise Studio

    Mobile: +60 12 3090938  |  StevenChoonSeng.Wong@hcl.com

     







  • 4.  RE: Broadcom AA Admin Portal Share Key Minimum Length Restriction for Security
    Best Answer

    Posted 21 days ago
    Hi Steven,

    I believe you are referring to this AA document link

    (https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/advanced-authentication/9-1/administrating/administrating-ca-strong-authentication/managing-global-ca-strong-authentication-configurations/configuring-ca-strong-authentication-for-radius.html) and the statement reads as follows:

    "The minimum length of key is 1 and the maximum is 512 characters."

    This would be an enhancement request. What about restricting the minimum length to a magic min length number of 8 makes it less prone to an attack?

    To start, I will file an enhancement request at this point and share the link to that enhancement request here. I do see your point that the permutations one would have to deal with would be much larger at a min length of 8.

    Kind Regards,
    Girish