Security Settings

Session Inactivity Timeout
If a registered session makes no requests for longer than the timeout, the user will be required to login again.
Session Limit
The maximum number of open sessions that can be registered with ESCWA.
Enable Single Sign On for Unsecured Resources
If this setting is enabled, ESCWA will use the current user's credentials to sign on to Directory Servers and other external entities, even if they are not TLS enabled. When disabled, this will only happen to TLS enabled resources.
Note: Micro Focus does not recommend using this option.

Encryption

Enable HSTS
HSTS is a security enhancement that prevents ESCWA from being accessed over unencrypted connections. ESCWA must be TLS enabled for this setting to be available. Once enabled, any other sites on this host will not be available unless they are accessible via HTTPS. The setting only stops applying when the user has not accessed the site for the duration specified in HSTS Max Age field. Only once HSTS has timed out for all users can HSTS and TLS be safely disabled. You can set the HSTS Max Age field to 0 to speed up this process.
Note: If enabled, the root certificate must be installed in the user's browser or they will not be able to access ESCWA.
HSTS Max Age
Duration in second for Enable HSTS timeout. See Enable HSTS for more information.