This property, together with the secureTransport property, controls the default QoP on the client side. If both are set to true, the transport QoP is set to SECURE_ONLY, which means the client will only accept secure transport. If either of them is set to false, the client does not mandate security at the transport layer.
|
|
|
This property is used on the server side to define the server transport QoP. Acceptable values are CLEAR_ONLY, SECURE_ONLY or ALL. This allows a client that needs either CLEAR_ONLY or SECURE_ONLY to connect to the server. This property takes effect only when the secureTransport property is true.
|
|
|
Set this to true if the server requires the client to send a Username/Password for authentication (regardless of certificate-based authentication). This is a server-side property.
|
|
|
If set to true, disables all security services.
|
|
|
This property is used to select a security transport protocol. For a standard list of protocol version names, go to https://docs.oracle.com/en/java/javase/<javaversion>/docs/specs/security/standard-names.html#sslcontext-algorithms. For example:
|
|
vbroker.security.requireAuthentication
|
|
|
vbroker.security.enableAuthentication
|
Note: This property is deprecated. See “Authentication” for recommended methods of specifying authentication.
Server-side only property. This backward-compatible property supports PasswordBackEnd-style authentication. When set to true, the program tries to construct the specified PasswordBackEnd for authenticating.
|
|
|
CmdLineCallbackHandler has password echo on, while HostCallbackHandler has password echo off.
|
|
|
If set to true, a login to all the realms listed in the vbroker.security.login.realms property is attempted at initialization time.
|
|
|
When set to true, the security service will attempt to reacquire authentication information using the CallbackHandler. This property requires the callback handler to be set, either using the appropriate property or at runtime by calling the appropriate method.
|
|
|
When set to true, the security service behaves as follows: If the security service cannot find an identity for any of the targets supported by a server it is attempting to communicate with, it will then attempt to acquire credentials for one of the targets in the target object's IOR. If a corresponding authentication realm is available for this target (that the user chooses to provide credentials for), then authentication is also attempted locally.
|
|
|
vbroker.security.domain.<domain_name>.rolemap_path
|
|
|
vbroker.security.domain.<domain_name>.rolemap_enableRefresh
|
When set to true, enables dynamic loading of the RoleDB file specified in the vbroker.security.domain.<domain_name>.rolemap_path property. The interval of dynamic loading is specified by the vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds property.
|
|
vbroker.security.domain.<domain_name>.rolemap_refreshTimeInSeconds
|
|
|
vbroker.security.domain.<domain_name>.runas.<run_as_role_name>
|
Specifies the name of the run-as role. The value can be either use-caller-identity, to have the caller principal be in the run-as role, or an alias for a run-as principal for the run-as role name.
|
|
vbroker.security.domain.<domain_name>.defaultAccessRule
|
Specifies whether to grant or deny access to the domain by default in the absence of security roles for the provided domain. Acceptable values are grant or deny.
|
|
vbroker.security.peerAuthenticationMode
|
Note that the REQUEST and REQUEST_AND_TRUST modes cannot receive peer certificate chains due to JSSE restrictions.
|
|
vbroker.security.trustpointsRepository
|
Specifies a path to the directory containing trusted certificates and CRLs or to a trusted Keystore whose values are implementations of TrustedCertificateEntry. Default values are either a directory, given in the format Directory:<path_to_certs> or a Keystore, given in the format Keystore:<path_to_keystore>.
|
|
|
If set to true, the JSSE default trust files like cacerts and jssecacerts, if present in JRE, will be used to load trusted certificates.
|
|
|
This property is used to specify a list of trusted roles (specified with the format <role>@<authorization_domain>). <n> is a unique identifier for each trust assertion rule, given as a list of digits.
For example, setting vbroker.security.assertions.trust.1=ServerAdmin@default means this process trusts any assertion made by the ServerAdmin role in the default authorization domain.
|
|
|
Setting this to true will trust all the assertions made by peers.
|
|
|
Set this to true to enable Server Manager operations on a Secure Server.
|
|
|
Points to a security domain listed in vbroker.security.authDomains. The specified domain is used for the Server Manager's role-based access control checks. A rolemap must be specified for the domain.
|
|
|
Use the Directory value to point to the directory containing the directories for all identities.
Use the PKCS12 value to configure the PKCS#12 keystore directory. See “PKCS#12-based authentication using KeyStores” for details.
|
|
|
If vbroker.security.wallet.type is set to Directory, use this property to point to a sub-directory within the path defined in vbroker.security.wallet.type that contains keys and/or certificate information for a specific identity. Note that the value of this property must consist only of lower-case letters.
If vbroker.security.wallet.type is set to PKCS12, the VisiBroker for Java secure client then looks for a file <identity>.p12 in the <path_to_PKCS#12_KeyStore> folder.
|
|
|
vbroker.security.TSS.authenticationTimeToLive
|
|
|
where xyz can be any string.
|
|
vbroker.security.supportIdentityAssertion
|
The default value is true. When set to true, it will set the corresponding bit in the component. When set to false, it will reset it.
|
|
|
If set to true, the client will add support for NoDelegate in TAG_SSL_SEC_TRANS tag.
|
|
|
A server-side property. Set to true to have the server require certificates from the client. These certificates must also be trusted by the server by setting the appropriate server-side trust properties. For more information, see the vbroker.security.trustpointsRepository property and the vbroker.security.defaultJSSETrust property.
|
|
|
If this property is set to the default false, the CSS will simply propagate the exception received. If this property is set to true, the CSS throws a BAD_PARAM exception instead, stating that the SAS Context is missing.
|
|
|
If this property is set to the default false then a CORBA_BAD_PARAM error is thrown, such as:
If this property is set to true then the exception thrown is instead a NO_PERMISSION, as is the usual case for SSL exceptions in VisiBroker. For example:
|
|
|
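The value formats and combinations stated in the table above can be checked mechanically before a properties file is deployed. The following Python sketch is an added example, not part of the VisiBroker documentation; the sample values, the `parse` and `audit` helpers and the finding texts are constructed for illustration, and only property names that appear in the table are used.

```python
import re

P = "vbroker.security."

# Constructed sample properties (not from a real deployment).
SAMPLE = """\
vbroker.security.enableAuthentication=true
vbroker.security.peerAuthenticationMode=REQUEST
vbroker.security.trustpointsRepository=/opt/certs
vbroker.security.assertions.trust.1=ServerAdmin@default
vbroker.security.assertions.trust.2=Operator
vbroker.security.domain.default.defaultAccessRule=grant
vbroker.security.domain.default.rolemap_enableRefresh=true
"""

def parse(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for the rules stated in the table."""
    out = []
    for key, value in props.items():
        if key == P + "enableAuthentication":
            out.append((key, "deprecated property"))
        elif key == P + "peerAuthenticationMode":
            if value in ("REQUEST", "REQUEST_AND_TRUST"):
                out.append((key, "mode cannot receive peer certificate chains"))
        elif key == P + "trustpointsRepository":
            if not re.fullmatch(r"(Directory|Keystore):.+", value):
                out.append((key, "expected Directory:<path> or Keystore:<path>"))
        elif re.fullmatch(re.escape(P) + r"assertions\.trust\.\d+", key):
            if not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
                out.append((key, "expected <role>@<authorization_domain>"))
        # Per-domain properties: vbroker.security.domain.<domain_name>.<setting>
        m = re.fullmatch(re.escape(P) + r"domain\.([^.]+)\.(\w+)", key)
        if m and m.group(2) == "defaultAccessRule" and value != "deny":
            out.append((key, "default access rule is not deny"))
        elif m and m.group(2) == "rolemap_enableRefresh" and value.lower() == "true":
            if P + "domain." + m.group(1) + ".rolemap_path" not in props:
                out.append((key, "refresh enabled but rolemap_path is not set"))
    return out

if __name__ == "__main__":
    print(*(f"{k}: {v}" for k, v in audit(parse(SAMPLE))), sep="\n")
```
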