CSIv2 and Security Authentication Service (SAS) client configuration
A secure Java client requires configuration properties to determine how to perform security with a server.
These configuration properties are typically put into a properties file somewhere on the client system and referenced by specifying the following system property on the command line of the Java client. For example, this property accepts any valid web address.
-Dcom.ibm.CORBA.ConfigURL=file: profile_root/properties/sas.client.props
(zos)
-Dcom.ibm.CORBA.ConfigURL=file:/WebSphere/V5R0M0/AppServer/sas.client.props
(iseries) When you use thin or thick clients, com.ibm.CORBA.ConfigURL is automatically set to the following file:
profile_root/properties/sas.client.props
- When this file is processed by the Object Request Broker (ORB), security can be enabled between the Java client and the target server.
If any syntax problems exist with the ConfigURL property and the sas.client.props file is not found, the Java client proceeds to connect insecurely. Errors display indicating the failure to read the ConfigURL property. Typically the problem is related to having two slashes after file, which is not valid.
(zos) If any problems exist with the client properties file or there is no match with the server security, the Java client examines the server security for non-CSIv2 (CSIv2) security mechanisms that might be available. If no match is found with the old, non-CSIv2 security either, the Java client attempts a nonsecure connection.
Use the following properties to configure the Secure Authentication Service (SAS) and CSIv2 authentication protocols:
SAS supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.
(zos) Use the following property to configure the CSIv2 authentication protocols:
Subtopics
- Authentication protocol settings for a client configuration
We can use settings in the sas.client.props file to configure Security Authentication Service (SAS) and CSIv2 (CSIv2) clients.
- (zos) CSIv2 authentication protocol client settings
This page documents the properties that are valid for the CSIv2 protocol only.
- (iseries)(dist) Security Authentication Service authentication protocol client settings
In addition to those properties which are valid for both Security Authentication Service (SAS) and CSIv2 (CSIv2), properties which are valid only for the SAS authentication protocol are also documented.
Related tasks
Configure CSIv2 (CSIV2) inbound and outbound communication settings