<?xml version="1.0" encoding="UTF-8"?>
<!--
  WebSphere Application Server cell security configuration (schema namespace .../schemas/5.0/security.xmi).
  Global security is enabled with LTPA as the active mechanism and an Active Directory LDAP registry.

  Review notes for anyone reusing or auditing this file:
    * Every password attribute carries the {xor} prefix. That is a reversible encoding, not encryption,
      so this file and any copy or backup of it must be protected like a plaintext credential store.
    * All xmi:id values end in _nnn, which looks like sanitisation of a published sample. References such as
      activeAuthMechanism and activeUserRegistry resolve by id, so a deployed file needs unique ids. TODO confirm.
    * Weak settings are flagged next to the element that sets them: LDAP without SSL, SSO cookie without SSL,
      SSLv3, the Dummy* sample keystores, and encoded password values shared between accounts.
-->
<security:Security
    xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
    xmi:id="Security_nnn"
    useLocalSecurityServer="true"
    useDomainQualifiedUserNames="false"
    enabled="true"
    cacheTimeout="600"
    issuePermissionWarning="true"
    activeProtocol="BOTH"
    enforceJava2Security="false"
    activeAuthMechanism="LTPA_nnn"
    activeUserRegistry="LDAPUserRegistry_nnn"
    defaultSSLSettings="SSLConfig_nnn">

  <!-- LTPA authentication mechanism (the active one, per activeAuthMechanism on the root element).
       The password attribute has the same encoded value as the installAlias entry for userId root further down,
       so one secret is reused for two purposes. -->
  <authMechanisms
      xmi:type="security:LTPA"
      xmi:id="LTPA_nnn"
      OID="oid:1.3.18.0.2.30.2"
      authContextImplClass="com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl"
      authConfig="system.LTPA"
      simpleAuthConfig="system.LTPA"
      authValidationConfig="system.LTPA"
      timeout="120"
      password="{xor}Lz4sLCgwLTs=">
    <!-- Trust association is switched off; the WebSEAL interceptor is only registered, not in use. -->
    <trustAssociation xmi:id="TrustAssociation_nnn" enabled="false">
      <interceptors xmi:id="TAInterceptor_nnn" interceptorClassName="com.ibm.ws.security.web.WebSealTrustAssociationInterceptor"/>
    </trustAssociation>
    <!-- requiresSSL="false": the single sign-on token is not restricted to SSL connections, so it can be
         exposed on plain HTTP. An empty domainName leaves the cookie domain unset. -->
    <singleSignon xmi:id="SingleSignon_nnn" requiresSSL="false" domainName="" enabled="true"/>
    <!-- LTPA key material is stored inline. Whoever can read these values together with the LTPA password
         holds what the token scheme relies on; restrict file permissions and rotate keys if the file leaks. -->
    <private xmi:id="Key_nnn" byteArray="LDVQEEC5Uw7RG1jia"/>
    <public xmi:id="Key_nnn" byteArray="AOw42qODy4wjeiRmRewZ"/>
    <shared xmi:id="Key_nnn" byteArray="BO3bJGGScnVeqHICZX7LvSnmphyJO4sPp7ji+BJPSDM="/>
  </authMechanisms>

  <!-- User registries. Only LDAPUserRegistry_nnn is referenced by activeUserRegistry; the local OS and
       custom (FileRegistrySample) registries are defined but not selected. -->
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry_nnn" serverId="" serverPassword="{xor}" realm=""/>
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_nnn" customRegistryClassName="com.ibm.websphere.security.FileRegistrySample"/>
  <!-- Active Directory over LDAP. sslEnabled="false" with port 389 means the bind password and the user
       passwords checked against the directory cross the network unencrypted unless another layer protects
       the link. serverPassword and bindPassword have the same encoded value, so the server identity (was)
       and the bind account (bindadmin) share one password. -->
  <userRegistries
      xmi:type="security:LDAPUserRegistry"
      xmi:id="LDAPUserRegistry_nnn"
      serverId="was"
      serverPassword="{xor}MTArNikf"
      realm="host1.domainx.net:389"
      limit="0"
      ignoreCase="false"
      type="ACTIVE_DIRECTORY"
      sslEnabled="false"
      sslConfig="hostManager/DefaultSSLSettings"
      baseDN="OU=Engineering,DC=domainx,DC=net"
      bindDN="CN=bindadmin,OU=Engineering,DC=domainx,DC=net"
      bindPassword="{xor}MTArNikf"
      searchTimeout="120"
      monitorInterval="0"
      reuseConnection="true">
    <!-- %v is the placeholder the filters use for the supplied user or group name. -->
    <searchFilter
        xmi:id="LDAPSearchFilter_nnn"
        userFilter="(&amp;(sAMAccountName=%v)(objectclass=user))"
        groupFilter="(&amp;(cn=%v)(objectclass=group))"
        userIdMap="user:sAMAccountName"
        groupIdMap="*:cn"
        groupMemberIdMap="memberof:member"
        certificateMapMode="EXACT_DN"
        certificateFilter=""/>
    <hosts xmi:id="EndPoint_nnn" host="host1.domainx.net" port="389"/>
  </userRegistries>

  <!-- JAAS login configurations available to applications. Each entry is a proxy module that hands off
       to the class named in its delegate option. -->
  <applicationLoginConfig xmi:id="JAASConfiguration_nnn">
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="ClientContainer">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl"/>
      </loginModules>
    </entries>
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="WSLogin">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"/>
      </loginModules>
    </entries>
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="DefaultPrincipalMapping">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"/>
      </loginModules>
    </entries>
  </applicationLoginConfig>

  <!-- CSI (CommonSecureInterop) settings for IIOP. Presumably claims is the inbound side and performs the
       outbound side; confirm against the product documentation. In both, the transport requiredQOP has
       enableProtection="false" and confidentiality="false", so SSL is offered (supportedQOP) but a peer
       is not forced to use it. -->
  <CSI xmi:id="IIOPSecurityProtocol_nnn">
    <claims xmi:type="orb.securityprotocol:CommonSecureInterop" xmi:id="CommonSecureInterop_nnn" stateful="true">
      <layers xmi:type="orb.securityprotocol:IdentityAssertionLayer" xmi:id="IdentityAssertionLayer_nnn">
        <supportedQOP xmi:type="orb.securityprotocol:IdentityAssertionQOP" xmi:id="IdentityAssertionQOP_nnn" enable="false"/>
      </layers>
      <layers xmi:type="orb.securityprotocol:MessageLayer" xmi:id="MessageLayer_nnn">
        <requiredQOP xmi:type="orb.securityprotocol:MessageQOP" xmi:id="MessageQOP_nnn" establishTrustInClient="false"/>
        <supportedQOP xmi:type="orb.securityprotocol:MessageQOP" xmi:id="MessageQOP_nnn" establishTrustInClient="true"/>
      </layers>
      <layers xmi:type="orb.securityprotocol:TransportLayer" xmi:id="TransportLayer_nnn">
        <requiredQOP
            xmi:type="orb.securityprotocol:TransportQOP"
            xmi:id="TransportQOP_nnn"
            establishTrustInClient="false"
            enableProtection="false"
            confidentiality="false"
            integrity="true"/>
        <supportedQOP
            xmi:type="orb.securityprotocol:TransportQOP"
            xmi:id="TransportQOP_nnn"
            establishTrustInClient="true"
            enableProtection="true"
            confidentiality="true"
            integrity="true"/>
        <serverAuthentication xmi:id="IIOPTransport_nnn" sslConfig="hostManager/DefaultSSLSettings"/>
      </layers>
    </claims>
    <performs
        xmi:type="orb.securityprotocol:CommonSecureInterop"
        xmi:id="CommonSecureInterop_nnn"
        stateful="true"
        sessionGCInterval="300000"
        sessionGCIdleTime="900000">
      <layers xmi:type="orb.securityprotocol:IdentityAssertionLayer" xmi:id="IdentityAssertionLayer_nnn">
        <requiredQOP xmi:type="orb.securityprotocol:IdentityAssertionQOP" xmi:id="IdentityAssertionQOP_nnn" enable="false"/>
        <supportedQOP xmi:type="orb.securityprotocol:IdentityAssertionQOP" xmi:id="IdentityAssertionQOP_nnn" enable="false"/>
      </layers>
      <layers xmi:type="orb.securityprotocol:MessageLayer" xmi:id="MessageLayer_nnn" authenticationLayerRetryCount="3">
        <requiredQOP xmi:type="orb.securityprotocol:MessageQOP" xmi:id="MessageQOP_nnn" establishTrustInClient="false"/>
        <supportedQOP xmi:type="orb.securityprotocol:MessageQOP" xmi:id="MessageQOP_nnn" establishTrustInClient="true"/>
      </layers>
      <layers xmi:type="orb.securityprotocol:TransportLayer" xmi:id="TransportLayer_nnn">
        <requiredQOP
            xmi:type="orb.securityprotocol:TransportQOP"
            xmi:id="TransportQOP_nnn"
            establishTrustInClient="false"
            enableProtection="false"
            confidentiality="false"
            integrity="true"/>
        <supportedQOP
            xmi:type="orb.securityprotocol:TransportQOP"
            xmi:id="TransportQOP_nnn"
            establishTrustInClient="false"
            enableProtection="true"
            confidentiality="true"
            integrity="true"/>
        <serverAuthentication xmi:id="IIOPTransport_nnn" sslConfig="hostManager/DefaultSSLSettings"/>
      </layers>
    </performs>
  </CSI>

  <!-- IBM (SecureAssociationService) protocol settings, in effect because activeProtocol="BOTH" on the root.
       The performs side lists confidentiality="false" and integrity="false" as its supported transport QOP. -->
  <IBM xmi:id="IIOPSecurityProtocol_nnn">
    <claims xmi:type="orb.securityprotocol:SecureAssociationService" xmi:id="SecureAssociationService_nnn">
      <layers xmi:type="orb.securityprotocol:TransportLayer" xmi:id="TransportLayer_nnn">
        <supportedQOP
            xmi:type="orb.securityprotocol:TransportQOP"
            xmi:id="TransportQOP_nnn"
            enableProtection="true"
            confidentiality="true"
            integrity="true"/>
        <serverAuthentication xmi:id="IIOPTransport_nnn" sslConfig="hostManager/DefaultSSLSettings"/>
      </layers>
    </claims>
    <performs xmi:type="orb.securityprotocol:SecureAssociationService" xmi:id="SecureAssociationService_nnn">
      <layers xmi:type="orb.securityprotocol:TransportLayer" xmi:id="TransportLayer_nnn">
        <supportedQOP
            xmi:type="orb.securityprotocol:TransportQOP"
            xmi:id="TransportQOP_nnn"
            enableProtection="true"
            confidentiality="false"
            integrity="false"/>
        <serverAuthentication xmi:id="IIOPTransport_nnn" sslConfig="hostManager/DefaultSSLSettings"/>
      </layers>
    </performs>
  </IBM>

  <!-- SSL repertoires. The three entries differ only in alias. Points to fix before production use:
         * keyFileName and trustFileName point at DummyServerKeyFile.jks and DummyServerTrustFile.jks, whose
           names indicate the sample keystores delivered with the product; a key pair that ships with every
           installation authenticates nothing, so replace both stores and their passwords.
         * com.ibm.ssl.protocol is SSLv3, which RFC 7568 prohibits; move to a TLS setting supported by the
           installed product level.
         * clientAuthentication="false": peers are not asked for a certificate. -->
  <repertoire xmi:id="SSLConfig_nnn" alias="hostManager/DefaultSSLSettings">
    <setting
        xmi:id="SecureSocketLayer_nnn"
        keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
        keyFilePassword="{xor}CDo9Hgw="
        keyFileFormat="JKS"
        trustFileName="${USER_INSTALL_ROOT}/etc/DummyServerTrustFile.jks"
        trustFilePassword="{xor}CDo9Hgw="
        trustFileFormat="JKS"
        clientAuthentication="false"
        securityLevel="HIGH"
        enableCryptoHardwareSupport="false">
      <cryptoHardware xmi:id="CryptoHardwareToken_nnn" tokenType="" libraryFile="" password="{xor}"/>
      <properties xmi:id="Property_nnn" name="com.ibm.ssl.protocol" value="SSLv3"/>
      <properties xmi:id="Property_nnn" name="com.ibm.ssl.contextProvider" value="IBMJSSE"/>
    </setting>
  </repertoire>
  <repertoire xmi:id="SSLConfig_nnn" alias="host21/DefaultSSLSettings">
    <setting
        xmi:id="SecureSocketLayer_nnn"
        keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
        keyFilePassword="{xor}CDo9Hgw="
        keyFileFormat="JKS"
        trustFileName="${USER_INSTALL_ROOT}/etc/DummyServerTrustFile.jks"
        trustFilePassword="{xor}CDo9Hgw="
        trustFileFormat="JKS"
        clientAuthentication="false"
        securityLevel="HIGH"
        enableCryptoHardwareSupport="false">
      <cryptoHardware xmi:id="CryptoHardwareToken_nnn" tokenType="" libraryFile="" password="{xor}"/>
      <properties xmi:id="Property_nnn" name="com.ibm.ssl.protocol" value="SSLv3"/>
      <properties xmi:id="Property_nnn" name="com.ibm.ssl.contextProvider" value="IBMJSSE"/>
    </setting>
  </repertoire>
  <repertoire xmi:id="SSLConfig_nnn" alias="host31/DefaultSSLSettings">
    <setting
        xmi:id="SecureSocketLayer_nnn"
        keyFileName="${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks"
        keyFilePassword="{xor}CDo9Hgw="
        keyFileFormat="JKS"
        trustFileName="${USER_INSTALL_ROOT}/etc/DummyServerTrustFile.jks"
        trustFilePassword="{xor}CDo9Hgw="
        trustFileFormat="JKS"
        clientAuthentication="false"
        securityLevel="HIGH"
        enableCryptoHardwareSupport="false">
      <cryptoHardware xmi:id="CryptoHardwareToken_nnn" tokenType="" libraryFile="" password="{xor}"/>
      <properties xmi:id="Property_nnn" name="com.ibm.ssl.protocol" value="SSLv3"/>
      <properties xmi:id="Property_nnn" name="com.ibm.ssl.contextProvider" value="IBMJSSE"/>
    </setting>
  </repertoire>

  <!-- JAAS login configurations used by the server itself; same proxy-plus-delegate shape as the
       application entries above. -->
  <systemLoginConfig xmi:id="JAASConfiguration_nnn">
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="SWAM">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.ws.security.server.lm.swamLoginModule"/>
      </loginModules>
    </entries>
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="LTPA">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.ws.security.server.lm.ltpaLoginModule"/>
      </loginModules>
    </entries>
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="wssecurity.IDAssertion">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule"/>
      </loginModules>
    </entries>
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="wssecurity.Signature">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule"/>
      </loginModules>
    </entries>
    <entries xmi:id="JAASConfigurationEntry_nnn" alias="LTPA_WEB">
      <loginModules
          xmi:id="JAASLoginModule_nnn"
          moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
          authenticationStrategy="REQUIRED">
        <options xmi:id="Property_nnn" name="delegate" value="com.ibm.ws.security.web.AuthenLoginModule"/>
      </loginModules>
    </entries>
  </systemLoginConfig>

  <!-- J2C authentication aliases: stored credentials that resources look up by alias.
       Only four distinct encoded password values appear across the 21 entries. Because the encoding is
       deterministic, equal values mean equal passwords: read-only and read-write accounts share one
       (for example b_wstest8_ro and b_wstest8), as do accounts in domain1 and domain2, so the RO/RW and
       per-domain split gives no containment if any one password is exposed. installAlias stores a
       credential for userId root. Give each account its own password and rotate all of them if this
       file has been shared. -->
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/installAlias" userId="root" password="{xor}Lz4sLCgwLTs="/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-app1ROAlias" userId="b_wstest8_ro" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-app1RWAlias" userId="b_wstest8" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-app1RWalias" userId="b_domain1" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-app1ROalias" userId="b_domain1_ro" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-db2prodAlias" userId="db2prod" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-company2Alias" userId="company2" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-company1Alias" userId="edw" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-db2prodAlias" userId="db2prod" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-company2Alias" userId="company2" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-company1Alias" userId="edw" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/comp_user_ro" userId="comp_user_ro" password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/comp_user" userId="comp_user" password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-casAlias" userId="cas" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-casAlias" userId="cas" password="{xor}KzosKwA9"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-app2ROAlias" userId="s_domain1_ro" password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-app2RWAlias" userId="s_domain1" password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain1-hubRWAlias" userId="h_domain1" password="{xor}KzosKwA3"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-hubRWAlias" userId="h_domain2" password="{xor}KzosKwA3"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-app2ROAlias" userId="s_domain2_ro" password="{xor}KzosKwAs"/>
  <authDataEntries xmi:id="JAASAuthData_nnn" alias="hostManager/domain2-app2RWAlias" userId="s_domain2" password="{xor}KzosKwAs"/>

  <!-- Cell-wide custom properties. FIPS mode is off (com.ibm.security.useFIPS = false). -->
  <properties xmi:id="Property_nnn" name="security.enablePluggableAuthentication" value="true" required="false"/>
  <properties xmi:id="Property_nnn" name="com.ibm.security.useFIPS" value="false"/>
</security:Security>