orb - Object Request Broker (ORB) (orb)

Configuration for a server or client ORB. Specify either the nameService attribute for a client ORB or one or more iiopEndpoint references for a server ORB.

NameTypeDefaultDescription
idstringA unique configuration ID.
nameServicestringcorbaname::localhost:2809Optional URL for the remote name service, for example corbaname::localhost:2809
iiopEndpointRefList of references to top level iiopEndpoint elements (comma-separated string).defaultIiopEndpointOptional IIOP Endpoint describing the ports open for this ORB

iiopEndpoint

Optional IIOP Endpoint describing the ports open for this ORB

NameTypeDefaultDescription
idstringA unique configuration ID.
hoststringlocalhostIP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name
iiopPortintPort for the unsecured server socket opened by this IIOP endpoint
tcpOptionsRefA reference to top level tcpOptions element (string).defaultTCPOptionsTCP protocol options for the IIOP endpoint

iiopEndpoint > tcpOptions

TCP protocol options for the IIOP endpoint

NameTypeDefaultDescription
inactivityTimeoutA period of time with millisecond precision60sAmount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
soReuseAddrbooleantrueEnables immediate rebind to a port with no active listener.

iiopEndpoint > iiopsOptions

Specification of a secured server socket opened by this IIOP endpoint

NameTypeDefaultDescription
idstringA unique configuration ID.
iiopsPortintSpecify the port to be configured with the SSL options.
sessionTimeoutA period of time with second precision1dAmount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
suppressHandshakeErrorsbooleanfalseDisable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly.
sslRefA reference to top level ssl element (string).The default SSL configuration repertoire. The default value is defaultSSLSettings.
sslSessionTimeoutA period of time with millisecond precision8640msThe timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

clientPolicy.csiv2

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.

clientPolicy.csiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

clientPolicy.csiv2 > layers > attributeLayer

Determine the attribute layer options to be performed by the client for outgoing CSIv2 requests.

NameTypeDefaultDescription
identityAssertionEnabledbooleanfalseIndicate by true or false whether identity assertion is enabled. Default is false.
trustedIdentitystringThe trusted identity used to assert an entity to the remote server.
trustedPasswordReversably encoded password (string)Specify the password that is used with the trusted identity.

clientPolicy.csiv2 > layers > attributeLayer > identityAssertionTypes

Specify the supported identity token types for identity assertion.

clientPolicy.csiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests.

NameTypeDefaultDescription
establishTrustInClient
  • Required
  • Never
  • Supported
SupportedSpecify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer.
Required
The association option is required
Never
The association option must not be used
Supported
The association option is supported

clientPolicy.csiv2 > layers > authenticationLayer > mechanisms

Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA

clientPolicy.csiv2 > layers > transportLayer

Configure how to trust the client.

NameTypeDefaultDescription
sslEnabledbooleantrueIndicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.
sslRefA reference to top level ssl element (string).Specify the SSL configuration needed to establish a secure connection.

clientPolicy.clientContainerCsiv2

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.

clientPolicy.clientContainerCsiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

clientPolicy.clientContainerCsiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests.

NameTypeDefaultDescription
establishTrustInClient
  • Required
  • Never
  • Supported
SupportedSpecify if this association option is Supported, Required, or Never used for this layer. It indicates the authentication requirements at the authentication layer.
Required
The association option is required
Never
The association option must not be used
Supported
The association option is supported
userstringThe user name that is used to login to the remote server.
passwordReversably encoded password (string)The user password that is used with the user name.

clientPolicy.clientContainerCsiv2 > layers > authenticationLayer > mechanisms

Specifies authentication mechanisms as a comma separated list. For example: GSSUP

clientPolicy.clientContainerCsiv2 > layers > transportLayer

Configure how to trust the client.

NameTypeDefaultDescription
sslEnabledbooleantrueIndicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.
sslRefA reference to top level ssl element (string).Specify the SSL configuration needed to establish a secure connection.

serverPolicy.csiv2

A unique configuration ID.

NameTypeDefaultDescription
idstringA unique configuration ID.

serverPolicy.csiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

serverPolicy.csiv2 > layers > attributeLayer

Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests.

NameTypeDefaultDescription
identityAssertionEnabledbooleanfalseIndicate by true or false whether identity assertion is enabled. Default is false.
trustedIdentitiesstringSpecify a pipe (

serverPolicy.csiv2 > layers > attributeLayer > identityAssertionTypes

Specify the supported identity token types for identity assertion.

serverPolicy.csiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests.

NameTypeDefaultDescription
establishTrustInClient
  • Required
  • Never
  • Supported
RequiredSpecify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer.
Required
The association option is required
Never
The association option must not be used
Supported
The association option is supported

serverPolicy.csiv2 > layers > authenticationLayer > mechanisms

Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA

serverPolicy.csiv2 > layers > transportLayer

Configure how to trust the client.

NameTypeDefaultDescription
sslEnabledbooleantrueIndicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.
sslRefA reference to top level ssl element (string).Specify the SSL configuration needed to establish a secure connection.