Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Unity Connection 8.5 Cisco Web Inbox/PCA

Hello,

We are looking for some guidance on what Cisco’s recommendation is and what other clients are doing to secure the Cisco Web Inbox application.  I have gone through  the admin guide and did not notice anything related the quetstions.


1. Can we have different authentication mechanism whether connecting from a corporate/home computer as opposed to a public Internet kiosk, i.e. form based authentication;


2. What is the inactivity timeout, if so, can it be set/modified;


3. Is there any username/password caching on connecting computers, if so, is there any cache cleaner mechanism.  Think this is done by clearing cache from Web Browser.


4. Can cookies be encrypted.

Any assistance you can offer would be greatly appreciated.

4 REPLIES
Community Member

Re: Unity Connection 8.5 Cisco Web Inbox/PCA

1.  Not 100% sure what you mean, so I may not be able to answer it fully.  You have to be on the network (whether locally or VPN) where Unity Connection resides in order to login to PCA.  Your username/password for PCA is your locally created username/password from CUCM (or AD credentials), so to answer your question I believe the answer is no since these CUCM credentials do not have an alternate method of authentication.

2.  300 seconds is the default (5 mins).  It can be modified...Login to CUC Admin Web Page and then go to system settings -->advanced-->connection administration

3.  Clearing cache memory is done via the browser

4.  Cisco had an app called ACE Web Application that encrypted cookies...it's EOL now and not sure what Cisco offers to this day, if anything.  However, there are 3rd party cookie encryptors out there...read first and try if you like http://thinkvitamin.com/code/encrypting-cookies-in-the-browser/

Community Member

Unity Connection 8.5 Cisco Web Inbox/PCA

For question 2, I think you are referring to the setting "Voice Mail Web Service: Session Timeout (in Seconds)". I have tried unsuccesfully to get this to do anything. I set it to 60 and was not forced out after 1 min -- is it minutes perhaps, hours? Is "Voice Mail Web Service" the same as Web Inbox? There is also a an "Advanced --> PCA" configuration screen with "Cisco PCA Session Timeout (in Minutes)" that I was assuming included Web Inbox but after the default of 20 minutes passed I don't believe that is the way to control it either.

For question 4, isn't this a security risk that should be addressed by the programmers as opposed to encrypting cookies via a 3rd party? My customer's base build for PCs is set to prompt when getting mixed content (HTTP/HTTPS) and thus is getting an error message asking if you want to accept mixed content -- thus confusing some users.  The Security department has confirmed that the cookies are the culprit and we have opened a TAC case on this, but turning the mixed content warning in the browser seems like it masks the real issue.

Thanks,

Mark

Cisco Employee

Re: Unity Connection 8.5 Cisco Web Inbox/PCA

I would recommend restarting the

Connection Voice Mail Web Service.

Thanks

Dharmesh

Community Member

Re: Unity Connection 8.5 Cisco Web Inbox/PCA

1. You have to be on local network or VPN to use Web Inbox, as Web Inbox messages do not show unless the URL you are using to connect is also configured on Unity. In other words, you cannot successfully connect via a public IP address URL if Unity is configured with a private IP address, nor with a user-friendly URL if Unity is configured with a different hostname. You can log in to PCA / Web Inbox when connecting remotely (non-VPN), but you will not see the Web Inbox content.

Upon recommendation of other users here on this site, I have implemented a reverse proxy, in my case using Cisco ASA firewall's Clientless SSL VPN facility. This is configured to allow remote users to connect to the firewall's SSL VPN login webpage and then if successfully security-checked to connect to the PCA login page, where they can then view the Web Inbox and, crucially, see and play voicemail message content. It should work from an Internet kiosk as it uses only a webpage and HTTPS, with no VPN client.

It also adds a 2nd layer of security, which is I believe what you are looking for.

Hope this helps.

Martin

1185
Views
3
Helpful
4
Replies
CreatePlease to create content