SAS and CSIV2 authentication protocol common settings for a client configuration
Use the following settings in the $ND_HOME/properties/sas.client.props file to configure SAS and CSIV2 clients.
com.ibm.CORBA.securityEnabled
- Use to determine if security is enabled for the client process.
Data type: Boolean Default: True Valid values: True or False
com.ibm.CSI.protocol
- Use to determine which authentication protocols are active.
The client can configure protocols of ibm, csiv2 or both as active. The only possible values for an authentication protocol are ibm, csiv2 and both. Do not use sas for the value of an authentication protocol. This restriction applies to both client and server configurations.
Typically, specifying both provides the best interoperability with other servers. When communicating with previous releases of WebSphere Application Server, specify either both or the ibm protocol. If communicating with only WAS V5 servers, specify csiv2 because the SAS interceptors are not loaded and executed for each method request.
Data type: String Default: Both Valid values: ibm, csiv2, both
com.ibm.CORBA.authenticationTarget
- Use to determine the type of authentication mechanism for sending security information from the client to the server.
If basic authentication is specified, the user ID and password are sent to the server. Using the SSL transport with this type of authentication is recommended because otherwise the password is not encrypted. The target server must support the specified authenticationTarget.
If you specify Lightweight Third Party Authentication (LTPA), then LTPA must be the mechanism configured at the server for a method request to proceed securely.
Data type: String Default: BasicAuth Valid values: BasicAuth, LTPA
com.ibm.CORBA.validateBasicAuth
- Used to determine if the user ID and password get validated immediately after the login data is entered when the authenticationTarget property is set to BasicAuth.
In past releases, BasicAuth logins were validated only with the initial method request. During the first request, the user ID and password would get sent to the server. This is the first time the client can notice an error if the user ID or password is incorrect. When validateBasicAuth is specified, the user ID and password are validated immediately with the security server.
For performance reasons, you might want to disable this property if it is not desirable to verify the user ID and password immediately. If the client program can wait, it is better to allow the initial method request to flow the user ID and password. However, program logic might not be as clean and simple because of error handling considerations.
Data type: Boolean Default: True Valid values: True or False
com.ibm.CORBA.authenticationRetryEnabled
- Used to specify that a failed login attempt is retried. This property determines if a retry occurs for other errors, such as stateful sessions not found on a server or validation failures at the server because of an expiring credential.
The minor code in the exception returned to a client determines which errors are retried. The number of retry attempts is dependent upon the property com.ibm.CORBA.authenticationRetryCount.
Data type: Boolean Default: True Valid values: True or False
com.ibm.CORBA.authenticationRetryCount
- Used to specify the number of retries that occur until either a successful authentication occurs or the maximum retry value is reached.
When the maximum retry value is reached, the authentication exception is returned to the client.
Data type: Integer Default: 3 Range: 1-10
com.ibm.CORBA.loginSource
- Used to specify how the request interceptor attempts to log in if it does not find an invocation credential already set.
This property is only valid if message layer authentication occurs. If only transport layer authentication occurs, this property is ignored. When specifying properties, the following two additional properties need to be defined: com.ibm.CORBA.loginUserid and com.ibm.CORBA.loginPassword. When performing a programmatic login, it is not necessary to specify none as the loginSource. Unless you want the request to fail, there should not be a credential set as the invocation credential during a method request.
Data type: String Default: Prompt Valid values: prompt, key file, stdin, none, properties
com.ibm.CORBA.loginUserid
- Used to specify the user ID when a properties login is configured and message layer authentication occurs.
This property is only valid when com.ibm.CORBA.loginSource=properties. Also set the property com.ibm.CORBA.loginPassword.
Data type: String Range: Any string appropriate for a user ID in the configured user registry of the server.
com.ibm.CORBA.loginPassword
- Used to specify the password when a properties login is configured and message layer authentication occurs.
This property is only valid when com.ibm.CORBA.loginSource=properties. Also set the property com.ibm.CORBA.loginUserid.
Data type: String Range: Any string appropriate for a password in the configured user registry of the server
com.ibm.CORBA.keyFileName
- Used to specify the key file being used to log in.
A key file is a file which contains a list of realm, user ID, password combinations that a client uses to log into multiple realms. The realm used is the one found in the IOR for the current method request. The value of this property is used when com.ibm.CORBA.loginSource=key file is used.
Data type: String Default: C:/WebSphere/AppServer/properties/wsserver.key Range: Any fully qualified path and file name of a WebSphere Application Server key file
com.ibm.CORBA.loginTimeout
- Used to specify the length of time that the login prompt stays available before it is considered a failed login.
Data type: Integer Units: Seconds Default: 300 (5 minute intervals) Range: 0 - 600 (10 minute intervals)
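The valid values, ranges and property dependencies listed above can be checked mechanically before a sas.client.props file is deployed. The following is an added example, not IBM code: the function names are hypothetical, the parser assumes plain key=value lines only, and the sample file content is constructed.

```python
# Valid values as documented on this page (compared case-insensitively).
ENUMS = {
    "com.ibm.CSI.protocol": {"ibm", "csiv2", "both"},
    "com.ibm.CORBA.authenticationTarget": {"basicauth", "ltpa"},
    "com.ibm.CORBA.loginSource": {"prompt", "key file", "stdin", "none", "properties"},
}
BOOLS = ("com.ibm.CORBA.securityEnabled", "com.ibm.CORBA.validateBasicAuth",
         "com.ibm.CORBA.authenticationRetryEnabled")
RANGES = {"com.ibm.CORBA.authenticationRetryCount": (1, 10),
          "com.ibm.CORBA.loginTimeout": (0, 600)}

def parse_props(text):
    """Parse simple key=value lines (assumption); '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings for the body of a sas.client.props file."""
    p, out = parse_props(text), []
    for key, allowed in ENUMS.items():
        if key in p and p[key].lower() not in allowed:
            out.append(f"{key}: '{p[key]}' is not a valid value")
    for key in BOOLS:
        if key in p and p[key].lower() not in ("true", "false"):
            out.append(f"{key}: expected True or False")
    for key, (lo, hi) in RANGES.items():
        if key in p and not (p[key].isdecimal() and lo <= int(p[key]) <= hi):
            out.append(f"{key}: expected an integer in {lo}-{hi}")
    source = p.get("com.ibm.CORBA.loginSource", "prompt").lower()
    if source == "properties":
        for key in ("com.ibm.CORBA.loginUserid", "com.ibm.CORBA.loginPassword"):
            if not p.get(key):
                out.append(f"{key}: required when loginSource=properties")
    elif p.get("com.ibm.CORBA.loginPassword"):
        out.append("com.ibm.CORBA.loginPassword: only valid when loginSource=properties")
    if p.get("com.ibm.CORBA.securityEnabled", "true").lower() == "false":
        out.append("com.ibm.CORBA.securityEnabled: security is disabled for this client")
    return out

# Constructed sample: invalid protocol, retry count out of range, missing password.
SAMPLE = ("com.ibm.CSI.protocol=sas\n"
          "com.ibm.CORBA.authenticationRetryCount=25\n"
          "com.ibm.CORBA.loginSource=properties\n"
          "com.ibm.CORBA.loginUserid=appclient\n")
```

Calling `audit(SAMPLE)` returns one finding per problem; an empty list means every checked property matches the values documented here.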