sas.client.props
###############################################################################
#
# SAS Properties File
#
# This file contains properties that are used by the Secure Association
# Services (SAS) component of the WebSphere Application Server product.
# SAS executes on WebSphere java servers and client systems with java
# applications that access WebSphere servers.
#
# ** SAS/CSIv2 Trace Instructions **
#
# Note: To enable logging of trace on the application client, add the
#       following property to the startup script: -DtraceSetFile=filename.
#       Do not specify filename as a fully qualified path and filename, just
#       specify the filename. The file must exist in the classpath to be loaded.
#       A sample file is provided in <was_root>/properties/TraceSet.properties.
#
# There are two related functions provided by this file:
#
# 1.traceFileName property
#   This should be set to the fully qualified name of a file to which you want
#   output written. For example, traceFileName=c:\\MyTraceFile.log. This
#   property must be specified, otherwise no visible output is generated.
# 2.Trace string
#   To enable SAS/CSIv2 trace, specify the trace string: SASRas=all=enabled
#
# If you only want to trace specific classes, you can specify a trace filter by
# adding the property com.ibm.CORBA.securityTraceFilter=<comma-separated class names>
#
# com.ibm.CORBA.securityTraceFilter=SecurityConnectionInterceptor, CSIClientRI, SessionManager
#
# ** Encoding Passwords in this File **
#
# The PropFilePasswordEncoder utility may be used to encode passwords in a
# properties file. To edit an encoded password, replace the whole password
# string (including the encoding tag {...}) with the new password and then
# encode the password with the PropFilePasswordEncoder utility. Refer to
# product documentation for additional information.
#
# NOTE(review): the {xor} tag used further down marks an obfuscating encoding,
# not encryption. Anyone who can read this file can recover the passwords, so
# the encoding only guards against casual viewing; restrict read access to the
# file itself.
#
###############################################################################

#------------------------------------------------------------------------------
# Client Security Enablement
#
# - security enabled status  ( false, true [default] )
#------------------------------------------------------------------------------
com.ibm.CORBA.securityEnabled=true

#------------------------------------------------------------------------------
# RMI/IIOP Authentication Protocol (sas, csiv2, both [default])
#
# Specify "both" when communicating with 5.0x and previous release servers.
# Specify "csiv2" when communicating with only 5.0x servers.
# Specify "sas" when communicating with only previous release servers.
#------------------------------------------------------------------------------
com.ibm.CSI.protocol=both

#------------------------------------------------------------------------------
# Authentication Configuration
#
# - authenticationTarget       (BasicAuth [default], this is the only supported selection
#                               on a pure client for this release. This is for message
#                               layer authentication only, SSL client certificate authentication
#                               is configured below under CSIv2 configuration.)
# - authenticationRetryEnabled (enables authentication retries if login fails when
#                               loginSource=prompt or stdin)
# - authenticationRetryCount   (the number of times to retry)
# - source                     (prompt [default], properties, keyfile, stdin, none)
# - timeout                    (prompt timeout, specified in seconds, 0 min to 600 max [default 300])
# - validateBasicAuth          (determines if immediate authentication after uid/pw login,
#                               or wait for method request to send uid/pw to server,
#                               setting this to false gives the previous release behavior.)
# - securityServerHost         (when validateBasicAuth=true, this property might need to be set
#                               in order for security code to lookup SecurityServer. Needs to be set to
#                               any running WebSphere server host in the cell you are authenticating to.)
# - securityServerPort         (when validateBasicAuth=true, this property might need to be set
#                               in order for security code to lookup SecurityServer. Needs to be set to
#                               the bootstrap port of the host chosen above.)
# - loginUserid                (must be set if login source is "properties" )
# - loginPassword              (must be set if login source is "properties" )
# - principalName              (format: "realm/userid", only needed in cases where realm
#                               is required. Typically the realm is already provided by the
#                               server via the IOR and this property is not necessary).
#
# NOTE(review): with loginSource=properties the userid and password are stored
# in this file. Encode the password with PropFilePasswordEncoder and limit read
# access to the file; the encoding is reversible, so file permissions are the
# real control.
#------------------------------------------------------------------------------
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
com.ibm.CORBA.authenticationRetryCount=3
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.securityServerHost=
com.ibm.CORBA.securityServerPort=
com.ibm.CORBA.loginTimeout=300
com.ibm.CORBA.loginSource=prompt

# RMI/IIOP user identity
# Left empty here; loginSource=prompt above asks for the credentials at login.
com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=
com.ibm.CORBA.principalName=

#------------------------------------------------------------------------------
# CSIv2 Configuration (see InfoCenter for more information on these properties).
#
# This is where you enable SSL client certificate authentication. Must also
# specify a valid SSL keyStore below with a personal certificate in it.
#------------------------------------------------------------------------------

# Does this client support stateful sessions?
com.ibm.CSI.performStateful=true

# Does this client support/require BasicAuth (userid/password) client authentication?
com.ibm.CSI.performClientAuthenticationRequired=false
com.ibm.CSI.performClientAuthenticationSupported=true

# Does this client support/require SSL client authentication?
com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=false

# Note: One can perform BasicAuth (uid/pw) and SSL client authentication (certificate)
#       simultaneously, however, the BasicAuth identity will always take precedence at the server.

# Does this client support/require SSL connections?
# NOTE(review): Required=false with Supported=true means the client accepts SSL
# but does not insist on it. Presumably a server that does not require SSL can
# then be reached over an unprotected connection; confirm, and set Required=true
# where BasicAuth userids and passwords must not cross the network in the clear.
com.ibm.CSI.performTransportAssocSSLTLSRequired=false
com.ibm.CSI.performTransportAssocSSLTLSSupported=true

# Does this client support/require 40-bit cipher suites when using SSL?
# NOTE(review): the property names refer to message integrity, while the line
# above describes 40-bit cipher suites. 40-bit suites are export-grade and weak
# by current standards. Confirm in the product documentation which suites these
# settings admit; com.ibm.ssl.enabledCipherSuites (SSL Configuration section)
# can pin the list if weak suites must be excluded.
com.ibm.CSI.performMessageIntegrityRequired=true
com.ibm.CSI.performMessageIntegritySupported=true
# Note: This property is only valid when SSL connections are supported or required.

# Does this client support/require 128-bit cipher suites when using SSL?
# NOTE(review): Required=false means the stronger suites are offered but not
# enforced; presumably the negotiated strength then depends on the server.
com.ibm.CSI.performMessageConfidentialityRequired=false
com.ibm.CSI.performMessageConfidentialitySupported=true
# Note: This property is only valid when SSL connections are supported or required.

#------------------------------------------------------------------------------
# SSL Configuration
#
# - protocol                (SSL [default], SSLv2, SSLv3, TLS, TLSv1)
# - keyStoreType            (JKS [default], JCEK, PKCS12)
# - trustStoreType          (JKS [default], JCEK, PKCS12)
# - keyStore and trustStore (fully qualified path to file)
# - keyStoreClientAlias     (string specifying ssl certificate alias to use from keyStore)
# - keyStorePassword and trustStorePassword (string specifying password - encoded or not)
# - cipher suites           (refer to InfoCenter for valid ciphers)
#
# com.ibm.ssl.enabledCipherSuites=enabled_cipher_suites
#
# Note: The com.ibm.ssl.enabledCipherSuites property defines the cipher
#       suites used for the SSL session. If this property is defined, it
#       overrides the default cipher suites defined for the specified QOP.
#
# NOTE(review): SSLv2 and SSLv3 are obsolete protocol versions with known
# weaknesses; prefer a TLS value where the servers this client talks to support
# it. Which versions the value "SSL" permits is not stated in this file;
# confirm against the product documentation.
#
# NOTE(review): the DummyClientKeyFile.jks / DummyClientTrustFile.jks names
# suggest sample stores shipped with the product. If so, their keys and
# password are the same on every installation and give no real assurance.
# Replace them with stores and passwords created for this deployment. TODO confirm.
#
# NOTE(review): both passwords below carry the same {xor}-encoded string. The
# encoding is reversible, so treat the values as readable by anyone with access
# to this file. The "\=" is the properties-file escape for a literal '='.
#------------------------------------------------------------------------------
com.ibm.ssl.protocol=SSL
com.ibm.ssl.keyStoreType=JKS
com.ibm.ssl.keyStore=/opt/WebSphere/DeploymentManager/etc/DummyClientKeyFile.jks
com.ibm.ssl.keyStorePassword={xor}CDo9Hgw\=
com.ibm.ssl.trustStoreType=JKS
com.ibm.ssl.trustStore=/opt/WebSphere/DeploymentManager/etc/DummyClientTrustFile.jks
com.ibm.ssl.trustStorePassword={xor}CDo9Hgw\=

#------------------------------------------------------------------------------
# Quality of Protection for the IBM protocol
#
# - perform  ( high [default], medium, low )
#------------------------------------------------------------------------------
com.ibm.CORBA.standardPerformQOPModels=high

#------------------------------------------------------------------------------
# CORBA Request Timeout (used when getting NO_RESPONSE exceptions, typically
#                        during high-stress loads. Specify on all processes
#                        involved in the communications.)
#
# - timeout (specified in seconds [default 180], 0 implies no timeout)
#
# com.ibm.CORBA.requestTimeout=180
#------------------------------------------------------------------------------
com.ibm.CORBA.requestTimeout=180
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.