CSIv2 Authentication Protocol client settings
In addition to those properties which are valid for both SAS and CSIv2, this page documents those properties which are valid only for the CSIv2 protocol.
- com.ibm.CSI.performStateful
- Used to determine if the CSIv2 protocol will maintain stateful sessions between a client and server after the initial secure association (authentication between a particular client and server).
For performance reasons, keep this property enabled. Consider disabling it only when troubleshooting a problem related to authentication protocol sessions.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performClientAuthenticationSupported
- Used to determine if message layer client authentication is supported.
When supported, message layer client authentication will be performed when communicating with any server which supports or requires it. Message layer client authentication involves transmitting either a userid/password or a token from an already authenticated credential. If the authenticationTarget is BasicAuth, the userid/password will be transmitted to the target server. If the authenticationTarget is a token-based mechanism such as LTPA or Kerberos, then the credential token will be transmitted to the server after authenticating the userid/password directly to the security server.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performClientAuthenticationRequired
- Used to determine if message layer client authentication is required.
When required, message layer client authentication must be performed when communicating with any server. If transport layer client authentication is also enabled, both will be performed, but message layer client authentication will take precedence at the server.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performTransportAssocSSLTLSSupported
- Used to determine if SSL is supported.
When SSL is supported, this client may use either SSL or TCP/IP to communicate with a server. If SSL is not supported, the client must communicate with the server over TCP/IP. It is recommended that SSL be supported so that any sensitive information is encrypted and digitally signed. When the associated property com.ibm.CSI.performTransportAssocSSLTLSRequired is enabled (set to true), this property is ignored. In this case, SSL will always be required.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performTransportAssocSSLTLSRequired
- Used to determine if SSL is required.
When SSL is required, this client must use SSL to communicate with a server. If SSL is not supported by a server, this client will not attempt a connection to that server. When this property is enabled, the associated property com.ibm.CSI.performTransportAssocSSLTLSSupported is ignored.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performTLClientAuthenticationSupported
- Used to determine if transport layer client authentication is supported.
When performing client authentication using SSL, the client key file must have a personal certificate configured. Without a personal certificate, the client cannot authenticate to the server over SSL. If the personal certificate is a self-signed certificate, the server must contain the client's public key in the server's trust file. If the personal certificate is a CA granted certificate, the server must contain the CA's root public key in the server's trust file. This property is only valid when SSL is supported or required. If the associated property com.ibm.CSI.performTLClientAuthenticationRequired is enabled, this property is ignored.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performTLClientAuthenticationRequired
- Used to determine if transport layer client authentication is required.
If required, every secure socket opened between a client and server will authenticate using SSL mutual authentication. When performing client authentication using SSL, the client key file must have a personal certificate configured. Without a personal certificate, the client cannot authenticate to the server over SSL.
If the personal certificate is a self-signed certificate, the server must contain the client's public key in the server's trust file. If the personal certificate is a CA granted certificate, the server must contain the CA's root public key in the server's trust file. When this property is specified, the associated property com.ibm.CSI.performTLClientAuthenticationSupported is ignored.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performMessageConfidentialitySupported
- Used to determine if 128-bit ciphers may be used to make SSL connections.
If a target server does not support 128-bit ciphers, a connection may be made at a lower encryption strength. This property is only valid when SSL is enabled.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performMessageConfidentialityRequired
- Used to determine if 128-bit ciphers must be used to make SSL connections.
If a target server does not support 128-bit ciphers, a connection to that server will fail. This property is only valid when SSL is enabled. When this property is enabled, the associated property com.ibm.CSI.performMessageConfidentialitySupported is ignored.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performMessageIntegritySupported
- Used to determine if 40-bit ciphers may be used to make SSL connections.
If a target server does not support 40-bit ciphers, a connection may be made using only digital signing ciphers. This property is only valid when SSL is enabled. This property is ignored if the associated property com.ibm.CSI.performMessageIntegrityRequired is enabled.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
- com.ibm.CSI.performMessageIntegrityRequired
- Used to determine if 40-bit ciphers must be used to make SSL connections.
If a target server does not support 40-bit ciphers, a connection to that server will fail. This property is only valid when SSL is enabled. When this property is enabled, the associated property com.ibm.CSI.performMessageIntegritySupported is ignored.
Data type: Boolean
Units: Not applicable
Default: True
Range: Valid values: True or False
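
The Supported/Required precedence rules above decide what a client will actually negotiate, so the following added example (not IBM code) resolves each property pair to its effective setting and reports the weak transport outcomes that remain possible. It assumes the settings are supplied as plain key=value lines; the function names, labels and both sample settings are hypothetical and constructed for illustration.

```python
PREFIX = "com.ibm.CSI.perform"
# Short label -> property stem documented on this page.
PAIRS = {"message_auth": "ClientAuthentication", "ssl": "TransportAssocSSLTLS",
         "tl_client_auth": "TLClientAuthentication",
         "cipher_128": "MessageConfidentiality", "cipher_40": "MessageIntegrity"}

def parse_props(text):
    """Parse key=value lines into booleans; skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().lower() == "true"
    return props

def effective_policy(text):
    """Return label -> 'required', 'supported' or 'disabled'."""
    props, policy = parse_props(text), {}
    for label, stem in PAIRS.items():
        # Unset properties take the default this page lists (True).
        required = props.get(PREFIX + stem + "Required", True)
        supported = props.get(PREFIX + stem + "Supported", True)
        # Required wins: Supported is ignored when Required is enabled.
        policy[label] = "required" if required else "supported" if supported else "disabled"
    if policy["ssl"] == "disabled":
        # These settings are only valid when SSL is supported or required.
        for label in ("tl_client_auth", "cipher_128", "cipher_40"):
            policy[label] = "disabled"
    return policy

def audit(text):
    """List the weak transport outcomes the effective policy still allows."""
    p, findings = effective_policy(text), []
    if p["ssl"] != "required":
        findings.append("SSL not required: client may use plain TCP/IP")
        if p["message_auth"] != "disabled":
            findings.append("message layer credentials may be sent without SSL")
    if p["ssl"] != "disabled" and p["cipher_128"] != "required":
        findings.append("128-bit ciphers not required: lower strength possible")
    return findings

# Constructed sample settings (not taken from any real installation).
WEAK = """com.ibm.CSI.performTransportAssocSSLTLSRequired=false
com.ibm.CSI.performMessageConfidentialityRequired=false"""
HARDENED = """com.ibm.CSI.performTransportAssocSSLTLSRequired=true
com.ibm.CSI.performTransportAssocSSLTLSSupported=false
com.ibm.CSI.performMessageConfidentialityRequired=true"""
```

Calling `audit(WEAK)` returns three findings, while `audit(HARDENED)` returns an empty list because the Required settings override the disabled Supported one.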