Set CSIV2 inbound and outbound communication settings
We can specify IIOP authentication for inbound and outbound authentication requests.
- For inbound requests, we can specify the type of accepted authentication, such as basic authentication.
- For outbound requests, we can specify request properties for downstream servers, such as:
  - type of authentication
  - identity assertion
  - login configurations
Complete the following steps to configure CSIV2 and SAS.
SAS is supported only between V6.0.x and previous version servers that have been federated in a V6.1 cell.
- Determine how to configure inbound and outbound security at each point in the infrastructure.
For example, we might have a Java client communicating with an EJB appserver, which in turn communicates with a downstream EJB appserver.
The Java client utilizes sas.client.props to configure outbound security. Pure clients must configure outbound security only.
The upstream EJB appserver configures inbound security to handle the correct type of authentication from the Java client. The upstream EJB appserver utilizes the outbound security configuration when going to the downstream EJB appserver.
This type of authentication might differ from the type used between the Java client and the upstream EJB appserver. Security might be tighter between the pure client and the first EJB server, depending on the infrastructure. The downstream EJB server utilizes the inbound security configuration to accept requests from the upstream EJB server. These two servers require similar configuration options as well. If the downstream EJB appserver communicates with other downstream servers, the outbound security might require a special configuration.
- Specify the type of authentication.
By default, authentication by a user ID and password is performed.
Both Java client certificate authentication and identity assertion are disabled by default. If we want this type of authentication performed at every tier, use the CSIv2 authentication protocol configuration as is. However, if we have any special requirements where some servers authenticate differently from other servers, consider how to configure CSIv2 to its best advantage.
- Configure clients and servers.
A pure Java client is configured through sas.client.props, where properties are modified.
Servers are always configured from the admin console or through scripting, either from the security navigation for cell-level configurations or from the server security of the appserver for server-level configurations. If we want some servers to authenticate differently from others, modify some of the server-level configurations. When we modify the server-level configurations, we override the cell-level configurations.
Use CSIV2 inbound communications settings for configuring the type of authentication information contained in an incoming request or transport.
Use CSIV2 outbound communications settings to specify the features that a server supports when acting as a client to another downstream server.
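A check a reviewer could run over a pure client's sas.client.props, added here as an example (not IBM's code): it collapses each Required/Supported property pair into the effective outbound setting and flags weak combinations. The file content is a constructed sample, and treating a missing property as false is an assumption of the example.

```python
SAMPLE_PROPS = """\
# constructed sample, not taken from a real installation
com.ibm.CORBA.securityEnabled=true
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=appclient
com.ibm.CORBA.loginPassword=changeme
com.ibm.CSI.performClientAuthenticationRequired=false
com.ibm.CSI.performClientAuthenticationSupported=true
com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=false
com.ibm.CSI.performTransportAssocSSLTLSRequired=false
com.ibm.CSI.performTransportAssocSSLTLSSupported=true
"""

def parse_props(text):
    """Parse simple key=value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def layer(props, name):
    """Collapse a Required/Supported pair; a missing key counts as false (assumption)."""
    def on(suffix):
        return props.get(f"com.ibm.CSI.perform{name}{suffix}", "false").lower() == "true"
    return "required" if on("Required") else "supported" if on("Supported") else "never"

def audit(text):
    p = parse_props(text)
    posture = {
        "message_auth": layer(p, "ClientAuthentication"),   # user ID and password
        "client_cert": layer(p, "TLClientAuthentication"),  # Java client certificate
        "ssl": layer(p, "TransportAssocSSLTLS"),            # transport protection
    }
    findings = []
    if p.get("com.ibm.CORBA.securityEnabled", "false").lower() != "true":
        findings.append("client security is disabled")
    if posture["message_auth"] != "never" and posture["ssl"] != "required":
        findings.append("message-layer credentials may be sent without SSL")
    password = p.get("com.ibm.CORBA.loginPassword", "")
    if password and not password.startswith("{xor}"):  # {xor} marks an encoded value
        findings.append("loginPassword is stored unencoded")
    return posture, findings

if __name__ == "__main__":
    print(audit(SAMPLE_PROPS))
```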
Set CSIV2 inbound communications
Set CSIV2 outbound communications
Set inbound transports
Set outbound transports
Set inbound messages
Set outbound messages
CSIv2 and SAS client configuration
Example 1: Set basic authentication and identity assertion
Example 2: Set basic authentication, identity assertion, and client certificates
Example 3: Set client certificate authentication and RunAs system
Example 4: Set TCP/IP transport using a virtual private network