
Security custom properties

Use this page to understand the predefined custom properties that are related to security.

To view this console page, click Security > Secure administration, applications, and infrastructure > Custom properties. You can click New to add a new custom property and its associated value.

com.ibm.CSI.rmiInboundLoginConfig

This property specifies the Java Authentication and Authorization Service (JAAS) login configuration that is used for Remote Method Invocation (RMI) requests that are received inbound.

By knowing the login configuration, you can plug in a custom login module that can handle specific cases for RMI logins.

Default system.RMI_INBOUND

com.ibm.CSI.rmiOutboundLoginConfig

This property specifies the JAAS login configuration that is used for RMI requests that are sent outbound.

Primarily, this property prepares the propagated attributes in the Subject to be sent to the target server. However, you can plug in a custom login module to perform outbound mapping.

Default system.RMI_OUTBOUND

com.ibm.CSI.supportedTargetRealms

This property enables credentials that are authenticated in the current realm to be sent to any realm that is specified in the Trusted target realms field. The Trusted target realms field is available on the CSIv2 outbound authentication panel. This property enables those realms to perform inbound mapping of the data from the current realm. It is not recommended that you send authentication information to an unknown realm. Thus, this provides a way to specify that the alternate realms are trusted.

To access the CSIv2 outbound authentication panel, complete the following steps:

  1. Click Security > Secure administration, applications, and infrastructure.

  2. Under RMI/IIOP security, click CSIv2 outbound authentication.

com.ibm.audit.auditPolicy

This property is used by the auditing service that was introduced as a technical preview in V6. The auditing functionality is not available. Do not modify this property.

Default REQUIRED

com.ibm.audit.auditQueueSize

This property is used by the auditing service that was introduced as a technical preview in V6. The auditing functionality is not available. Do not modify this property.

Default 5000

com.ibm.audit.auditServiceEnabled

This property is used by the auditing service that was introduced as a technical preview in V6. The auditing functionality is not available. Do not modify this property.

Default false

com.ibm.audit.auditSpecification

This property is used by the auditing service that was introduced as a technical preview in V6. The auditing functionality is not available. Do not modify this property.

Default J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled

com.ibm.security.useFIPS

Specify that Federal Information Processing Standard (FIPS) algorithms are used. The appserver uses the IBMJCEFIPS cryptographic provider instead of the IBMJCE cryptographic provider.

Default false

com.ibm.websphere.security.audit.auditEventFactory

This property is used by the auditing service that was introduced as a technical preview in V6. The auditing functionality is not available. Do not modify this property.

Default J2EE=com.ibm.ws.security.audit.defaultAuditEventFactoryImpl

com.ibm.ws.security.defaultLoginConfig

This property is the JAAS login configuration that is used for logins that do not fall under the WEB_INBOUND, RMI_OUTBOUND, or RMI_INBOUND login configuration categories.

Internal authentication and protocols that do not have specific JAAS plug points call the system login configuration that is referenced by the com.ibm.ws.security.defaultLoginConfig property.

Default system.DEFAULT

com.ibm.ws.security.ssoInteropModeEnabled

This property determines whether to send LtpaToken2 and LtpaToken cookies in the response to a Web request (interoperable).

When this property value is false, the appserver sends only the new LtpaToken2 cookie, which is stronger but not interoperable with some other products and Application Server releases prior to V5.1.1. In most cases, the old LtpaToken cookie is not needed and you can set this property to false.

Default true

com.ibm.ws.security.webChallengeIfCustomSubjectNotFound

This property determines the behavior of a single sign-on LtpaToken2 login.

When this property value is set to true, the token contains a custom cache key, and the custom Subject cannot be found, the token is used to log in directly because the custom information needs to be gathered again. A challenge occurs so that the user must log in again. When this property value is set to false and the custom Subject is not found, the LtpaToken2 is used to log in and gather all of the registry attributes. However, the token might not obtain any of the special attributes that downstream applications might expect.

Default true

com.ibm.ws.security.webInboundLoginConfig

This property is the JAAS login configuration that is used for Web requests that are received inbound.

By knowing the login configuration, you can plug in a custom login module that can handle specific cases for Web logins.

Default system.WEB_INBOUND

com.ibm.ws.security.webInboundPropagationEnabled

This property determines whether a received LtpaToken2 cookie should search for the propagated attributes locally before searching the original login server that is specified in the token. After the propagated attributes are received, the Subject is regenerated and the custom attributes are preserved.

You can configure the data replication service (DRS) to send the propagated attributes to front-end servers such that a local dynacache lookup can find the propagated attributes. Otherwise, an MBean request is sent to the original login server to retrieve these attributes.

Default true

com.ibm.wsspi.security.audit.auditServiceProvider

This property is used by the auditing service that was introduced as a technical preview in V6. The auditing functionality is not available. Do not modify this property.

Default DEFAULT = com.ibm.ws.security.audit.defaultAuditServiceProviderImpl

com.ibm.wsspi.security.ltpa.tokenFactory

This property specifies the LTPA token factories that can be used to validate the LTPA tokens.

Validation occurs in the order in which the token factories are specified because LTPA tokens do not have object identifiers (OIDs) that specify the token type. The Application Server validates the tokens using each token factory until validation is successful. The order that is specified for this property is the most likely order of the received tokens. Specify multiple token factories by separating them with a pipe (|) without spaces before or following the pipe.

Default com.ibm.ws.security.ltpa.LTPATokenFactory | com.ibm.ws.security.ltpa.LTPAToken2Factory | com.ibm.ws.security.ltpa.AuthzPropTokenFactory

com.ibm.wsspi.security.token.authenticationTokenFactory

This property specifies the implementation that is used for an authentication token in the attribute propagation framework. The property provides an old LTPA token implementation for use as the authentication token.

Default com.ibm.ws.security.ltpa.LTPATokenFactory

com.ibm.wsspi.security.token.authorizationTokenFactory

This property specifies the implementation that is used for an authorization token. This token factory encodes the authorization information.

Default com.ibm.ws.security.ltpa.AuthzPropTokenFactory

com.ibm.wsspi.security.token.propagationTokenFactory

This property specifies the implementation that is used for a propagation token. This token factory encodes the propagation token information.

The propagation token is on the thread of execution and is not associated with any specific user Subjects. The token follows the invocation downstream wherever the process leads.

Default com.ibm.ws.security.ltpa.AuthzPropTokenFactory

com.ibm.wsspi.security.token.singleSignonTokenFactory

This property specifies the implementation that is used for a Single Sign-on (SSO) token. This implementation is the cookie that is set when propagation is enabled regardless of the state of the com.ibm.ws.security.ssoInteropModeEnabled property.

By default, this implementation is the LtpaToken2 cookie.

Default com.ibm.ws.security.ltpa.LTPAToken2Factory

security.enablePluggableAuthentication

This property is no longer used. Instead, use WEB_INBOUND login configuration. Complete the following steps to modify the WEB_INBOUND login configuration:

  1. Click Security > Secure administration, applications, and infrastructure.

  2. Under Java Authentication and Authorization Service, click System logins.

Default true
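A configuration check built from the defaults and notes on this page, added here as an example and not IBM-supplied code: it takes the custom properties as a name-to-value map and reports the settings the page calls out. The function names, the constant names and the sample values are assumptions made for the illustration.

```python
# Added example. Defaults are copied from this page; SAMPLE is constructed input.
AUDIT_DEFAULTS = {
    "com.ibm.audit.auditPolicy": "REQUIRED",
    "com.ibm.audit.auditQueueSize": "5000",
    "com.ibm.audit.auditServiceEnabled": "false",
    "com.ibm.audit.auditSpecification":
        "J2EE=AUTHN=failure=enabled:J2EE=AUTHZ=failure=enabled",
}
TOKEN_FACTORY = "com.ibm.wsspi.security.ltpa.tokenFactory"
INTEROP = "com.ibm.ws.security.ssoInteropModeEnabled"
FIPS = "com.ibm.security.useFIPS"
RETIRED = "security.enablePluggableAuthentication"

def parse_token_factories(value):
    """Split the pipe-separated list; also return entries padded with spaces."""
    raw = value.split("|")
    padded = [r for r in raw if r != r.strip()]
    return [r.strip() for r in raw if r.strip()], padded

def audit(props):
    """Return (property, finding) tuples for a name -> value map (hypothetical helper)."""
    findings = []
    for name, default in AUDIT_DEFAULTS.items():
        if name in props and props[name] != default:
            findings.append((name, "tech-preview audit property changed from default"))
    # Unset properties fall back to the page's defaults: interop true, FIPS false.
    if props.get(INTEROP, "true").lower() == "true":
        findings.append((INTEROP, "older LtpaToken cookie is also sent"))
    if props.get(FIPS, "false").lower() != "true":
        findings.append((FIPS, "IBMJCE provider in use, not IBMJCEFIPS"))
    if RETIRED in props:
        findings.append((RETIRED, "no longer used; use WEB_INBOUND login configuration"))
    if TOKEN_FACTORY in props:
        factories, padded = parse_token_factories(props[TOKEN_FACTORY])
        if padded:
            findings.append((TOKEN_FACTORY, "spaces around pipe separator"))
        if len(set(factories)) != len(factories):
            findings.append((TOKEN_FACTORY, "duplicate token factory"))
    return findings

SAMPLE = {  # constructed values, not taken from a real cell
    "com.ibm.audit.auditQueueSize": "10000",
    INTEROP: "true",
    FIPS: "true",
    TOKEN_FACTORY: "com.ibm.ws.security.ltpa.LTPAToken2Factory |"
                   "com.ibm.ws.security.ltpa.LTPATokenFactory",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```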




 
