|
|
|
|
Controls the degree of logging. Acceptable values are: LEVEL_WARN, LEVEL_NOTICE, LEVEL_INFO, and LEVEL_DEBUG strings.
|
|
|
By default, log output is to std::cerr. You can use this property to redirect the log output to a named file.
|
|
|
|
|
|
Note: To use secure transport only, the secureTransport property must also be set to true.
|
|
|
This is a server-side only property. It defines whether the server transport is: CLEAR_ONLY, SECURE_ONLY or ALL. This property will not take effect when the secureTransport property is set to false.
|
|
|
If this property is set to true, it disables all security services.
|
|
|
|
|
|
CmdLineCallbackHandler has password echo on, while HostCallbackHandler has password echo off. For more information, see “VisiSecure for C++ APIs”.
|
|
|
|
|
|
|
|
|
If set to true at initialization-time this property tries to login to all the realms listed by property vbroker.security.login.realms.
|
|
|
|
|
|
|
|
|
When set to true, the security service behaves as follows. If the security service cannot find an identity for any of the targets supported by a server it is attempting to communicate with, it then attempts to acquire credentials for one of the targets in the target object's IOR. If a corresponding authentication realm is available for this target (that the user chooses to provide credentials for), then authentication is also attempted locally.
|
|
|
|
|
|
|
|
|
When set to true, enables dynamic loading of the RoleDB file specified in vbroker.security.domain.<domain_name>.rolemap_path property. The interval of dynamic loading is specified by property vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Value can be true or false.
|
|
|
REQUIRE—Peer certificates are required to establish a connection. If the peer does not present its certificates, the connection will be refused. Peer certificates will also be authenticated, if not valid, the connection will be refused. If required, transport identity can be established using these certificates. In this mode, peer certificates are not required to be trusted.
REQUIRE_AND_TRUST—Same as REQUIRE mode, except that the peer certificates need to be trusted, otherwise the connection will be refused.
REQUEST—Peer certificates will be requested. The peer is not required to have certificates; no transport identity will be established when peer does not have certificates. However, if a peer does present certificates, the certificates will be authenticated; if not valid, the connection will be refused. If required, transport identity can be established using these certificates. In this mode, peer certificates are not required to be trusted.
REQUEST_AND_TRUST—Same as REQUEST mode except that the peer certificates need to be trusted, otherwise the connection will be refused.
NONE—Authentication is not required. During handshake, no certificate request will be sent to the peer. Regardless of whether the peer has certificates, a connection will be accepted. There will be no transport identity for the peer.
|
|
|
|
|
|
Use to specify a list of trusted roles (specify with the format <role>@<authorization_domain>). <n> is uniquely identified for each trust assertion rule as a list of digits.
For example, setting vbroker.security.assertions.trust.1=ServerAdmin@default means this process trusts any assertion made by the ServerAdmin role in the default authorization domain.
|
|
|
Setting to true will trust all assertions made by peers.
|
|
|
A server side only property. If the server requires the client to send a Username/Password for authentication (regardless of certificate-based authentication), set to true. If vbroker.security.login.realms is set, this property is automatically set to true. However, you can override it by explicitly setting it in the property file.
|
|
|
|
|
|
|
|
|
Points to a directory within the path defined in vbroker.security.wallet.type that contains keys and/or certificate information for a specific identity.
|
|
|
|
|
|
If set to true, the client will add support for NoDelegate in TAG_SSL_SEC_TRANS tag.
|
|
|
|
|
|
|
|
|
In this mode, the library negotiates using only TLS 1.0, but begins by sending an SSL 2.0 “Hello”. This mode behaves in the same way as SSL_Version_3_0_With_2_0_Hello, but applies to TSL 1.0. If the OpenSSL security provider is selected, it also allows use of TLS1.1 and TLS1.2.
|
|
|
|
|
|
|
|