sas.client.props

 


###############################################################################
#
#                             SAS Properties File
#
#  This file contains properties that are used by the Secure Association
#  Services (SAS) component of the WebSphere Application Server product.
#  SAS executes on WebSphere java servers and client systems with java
#  applications that access WebSphere servers.
#
#  ** SAS/CSIv2 Trace Instructions **
#
#  Note:  To enable logging of trace on the application client, add the 
#  following property to the startup script: -DtraceSetFile=filename.
#  Do not specify filename as a fully qualified path and filename, just
#  specify the filename.  The file must exist in the classpath to be loaded. 
#  A sample file is provided in <was_root>/properties/TraceSet.properties.
#
#  There are two related functions provided by this file: 
#
#    1.traceFileName property
#      This should be set to the fully qualified name of a file to which you want
#      output written. For example, traceFileName=c:\\MyTraceFile.log. This
#      property must be specified, otherwise no visible output is generated. 
#    2.Trace string
#      To enable SAS/CSIv2 trace, specify the trace string: SASRas=all=enabled
#
#  If you only want to trace specific classes, you can specify a trace filter by
#  adding the property com.ibm.CORBA.securityTraceFilter=<comma-separated class names>
#
#    com.ibm.CORBA.securityTraceFilter=SecurityConnectionInterceptor, CSIClientRI, SessionManager
#
#  ** Encoding Passwords in this File **
#
#  The PropFilePasswordEncoder utility may be used to encode passwords in a
#  properties file. To edit an encoded password, replace the whole password
#  string (including the encoding tag {...}) with the new password and then
#  encode the password with the PropFilePasswordEncoder utility. Refer to
#  product documentation for additional information.
#
###############################################################################

#------------------------------------------------------------------------------
# Client Security Enablement
#
# - security enabled status  ( false, true [default] )
#------------------------------------------------------------------------------
com.ibm.CORBA.securityEnabled=true

#------------------------------------------------------------------------------
# RMI/IIOP Authentication Protocol (sas, csiv2, both [default])
#
# Specify "both" when communicating with 5.0x and previous release servers.
# Specify "csiv2" when communicating with only 5.0x servers.
# Specify "sas" when communicating with only previous release servers. 
#------------------------------------------------------------------------------
com.ibm.CSI.protocol=both

#------------------------------------------------------------------------------
# Authentication Configuration
#
# - authenticationTarget       (BasicAuth [default], this is the only supported selection
#                               on a pure client for this release.  This is for message
#                               layer authentication only, SSL client certificate authentication
#                               is configured below under CSIv2 configuration.)
# - authenticationRetryEnabled (enables authentication retries if login fails when 
#                               loginSource=prompt or stdin)
# - authenticationRetryCount   (the number of times to retry)
# - source                     (prompt [default], properties, keyfile, stdin, none)
# - timeout                    (prompt timeout, specified in seconds, 0 min to 600 max [default 300])
# - validateBasicAuth          (determines if immediate authentication after uid/pw login, 
#                               or wait for method request to send uid/pw to server, 
#                               setting this to false gives the previous release behavior.)
# - securityServerHost         (when validateBasicAuth=true, this property might need to be set
#                               in order for security code to lookup SecurityServer.  Needs to be set to
#                               any running WebSphere server host in the cell you are authenticating to.
# - securityServerPort         (when validateBasicAuth=true, this property might need to be set
#                               in order for security code to lookup SecurityServer.  Needs to be set to
#                               the bootstrap port of the host chosen above.
# - loginUserid                (must be set if login source is "properties" )
# - loginPassword              (must be set if login source is "properties" )
# - principalName              (format: "realm/userid", only needed in cases where realm 
#                               is required. Typically the realm is already provided by the
#                               server via the IOR and this property is not necessary).
#
#------------------------------------------------------------------------------
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
com.ibm.CORBA.authenticationRetryCount=3
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.securityServerHost=
com.ibm.CORBA.securityServerPort=
com.ibm.CORBA.loginTimeout=300
com.ibm.CORBA.loginSource=prompt

# RMI/IIOP user identity
com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=
com.ibm.CORBA.principalName=

#------------------------------------------------------------------------------
# CSIv2 Configuration (see InfoCenter for more information on these properties).
#
# This is where you enable SSL client certificate authentication.  Must also 
# specify a valid SSL keyStore below with a personal certificate in it.
#------------------------------------------------------------------------------

# Does this client support stateful sessions?
com.ibm.CSI.performStateful=true

# Does this client support/require BasicAuth (userid/password) client authentication?
com.ibm.CSI.performClientAuthenticationRequired=false
com.ibm.CSI.performClientAuthenticationSupported=true

# Does this client support/require SSL client authentication?  
com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=false

# Note: One can perform BasicAuth (uid/pw) and SSL client authentication (certificate)
# simultaneously, however, the BasicAuth identity will always take precedence at the server.

# Does this client support/require SSL connections?
com.ibm.CSI.performTransportAssocSSLTLSRequired=false
com.ibm.CSI.performTransportAssocSSLTLSSupported=true

# Does this client support/require 40-bit cipher suites when using SSL?
com.ibm.CSI.performMessageIntegrityRequired=true
com.ibm.CSI.performMessageIntegritySupported=true
# Note: This property is only valid when SSL connections are supported or required.

# Does this client support/require 128-bit cipher suites when using SSL?
com.ibm.CSI.performMessageConfidentialityRequired=false
com.ibm.CSI.performMessageConfidentialitySupported=true
# Note: This property is only valid when SSL connections are supported or required.

#------------------------------------------------------------------------------
# SSL Configuration
#
# - protocol                                    (SSL [default], SSLv2, SSLv3, TLS, TLSv1)
# - keyStoreType                                (JKS [default], JCEK, PKCS12)
# - trustStoreType                              (JKS [default], JCEK, PKCS12)
# - keyStore and trustStore                     (fully qualified path to file)
# - keyStoreClientAlias                         (string specifying ssl certificate alias to use from keyStore)
# - keyStorePassword and trustStorePassword     (string specifying password - encoded or not)
# - cipher suites                               (refer to InfoCenter for valid ciphers)
#
#    com.ibm.ssl.enabledCipherSuites=enabled_cipher_suites
#
#    Note: The com.ibm.ssl.enabledCipherSuites property defines the cipher
#          suites used for the SSL session. If this property is defined, it
#          overrides the default cipher suites defined for the specified QOP.
#
#------------------------------------------------------------------------------
com.ibm.ssl.protocol=SSL
com.ibm.ssl.keyStoreType=JKS
com.ibm.ssl.keyStore=/opt/WebSphere/DeploymentManager/etc/DummyClientKeyFile.jks
com.ibm.ssl.keyStorePassword={xor}CDo9Hgw\=
com.ibm.ssl.trustStoreType=JKS
com.ibm.ssl.trustStore=/opt/WebSphere/DeploymentManager/etc/DummyClientTrustFile.jks
com.ibm.ssl.trustStorePassword={xor}CDo9Hgw\=

#------------------------------------------------------------------------------
# Quality of Protection for the IBM protocol
#
# - perform  ( high [default], medium, low )
#------------------------------------------------------------------------------
com.ibm.CORBA.standardPerformQOPModels=high

#------------------------------------------------------------------------------
# CORBA Request Timeout (used when getting NO_RESPONSE exceptions, typically
#                        during high-stress loads.  Specify on all processes
#                        involved in the communications.)
#
# - timeout             (specified in seconds [default 180], 0 implies no timeout)
#
#    com.ibm.CORBA.requestTimeout=180
#------------------------------------------------------------------------------
com.ibm.CORBA.requestTimeout=180



 

 

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.