CSIv2 and SAS client configuration
A secure Java client requires configuration properties to determine how to perform security with a server.
These configuration properties are typically put into a properties file somewhere on the client system and referenced by specifying the following system property on the command line of the Java client. For example, this property accepts any valid web address.
-Dcom.ibm.CORBA.ConfigURL=file: profile_root/properties/sas.client.props
(ZOS)
-Dcom.ibm.CORBA.ConfigURL=file:/WebSphere/V5R0M0/AppServer/sas.client.props
(iSeries) When we use thin or thick clients, com.ibm.CORBA.ConfigURL is automatically set to the following file:
profile_root/properties/sas.client.propsWhen this file is processed by the Object Request Broker (ORB), security can be enabled between the Java client and the target server.
If any syntax problems exist with the ConfigURL property and the sas.client.props file is not found, the Java client proceeds to connect insecurely. Errors display indicating the failure to read the ConfigURL property. Typically the problem is related to having two slashes after file, which is not valid.
(ZOS) If any problems exist with the client properties file or there is no match with the server security, the Java client examines the server security for non-Common Secure Interoperability v2 (CSIv2) security mechanisms that might be available. If no match is found with the old, non-CSIv2 security either, the Java client attempts a nonsecure connection.
Use the following properties to configure the Secure Authentication Service (SAS) and CSIv2 authentication protocols:
Important: SAS is supported only between v6.0.x and previous version servers that have been federated in a v6.1 cell.
(ZOS) Use the following property to configure the CSIv2 authentication protocols:
Configure CSIv2 inbound and outbound communication settings