Use the following settings in the install_dir\properties\sas.client.props file to configure Security Authentication Service (SAS) and Common Secure Interoperability Version 2 (CSIv2) clients.
Data type: | Boolean |
Default: | True |
Valid values: | True or False |
The client can configure protocols of ibm, csiv2 or both as active. The only possible values for an authentication protocol are ibm, csiv2 and both. Do not use sas for the value of an authentication protocol. This restriction applies to both client and server configurations. The following list provides information about using each of these protocol options:
Data type: | String |
Default: | Both |
Valid values: | ibm, csiv2, both |
If basic authentication is specified, the user ID and password are sent to the server. Using the SSL transport with this type of authentication is recommended because otherwise the password is not encrypted. The target server must support the specified authenticationTarget.
If you specify Lightweight Third Party Authentication (LTPA), then LTPA must be the mechanism configured at the server for a method request to proceed securely.
Data type: | String |
Default: | BasicAuth |
Valid values: | BasicAuth, LTPA |
In past releases, BasicAuth logins were validated only with the initial method request. During the first request, the user ID and password are sent to the server. This is the first time that the client can notice an error, if the user ID or password is incorrect. When validateBasicAuth is specified, validation of the user ID and password occurs immediately against the security server.
For performance reasons, you might want to disable this property if it is not desirable to verify the user ID and password immediately. If the client program can wait, it is better to let the initial method request flow the user ID and password to the server. However, program logic might not be as simple because of error handling considerations.
Data type: | Boolean |
Default: | True |
Valid values: | True or False |
The minor code in the exception that is returned to a client determines which errors are retried. The number of retry attempts is dependent upon the property com.ibm.CORBA.authenticationRetryCount.
Data type: | Boolean |
Default: | True |
Valid values: | True or False |
When the maximum retry value is reached, the authentication exception is returned to the client.
Data type: | Integer |
Default: | 3 |
Range: | 1-10 |
This property is only valid if message layer authentication occurs. If only transport layer authentication occurs, this property is ignored. When specifying properties, the following two additional properties need to be defined:
Data type: | String |
Default: | Prompt |
Valid values: | prompt, key file, stdin, none, properties |
This property is only valid when com.ibm.CORBA.loginSource=properties. Also, set the com.ibm.CORBA.loginPassword property.
Data type: | String |
Range: | Any string appropriate for a user ID in the configured user registry of the server. |
This property is only valid when com.ibm.CORBA.loginSource=properties. Also, set the com.ibm.CORBA.loginUserid property.
Data type: | String |
Range: | Any string appropriate for a password in the configured user registry of the server |
A key file is a file that contains a list of realm, user ID, and password combinations that a client uses to log into multiple realms. The realm used is the one found in the Interoperable Object Reference (IOR) for the current method request. The value of this property is used when com.ibm.CORBA.loginSource=key file is used.
Data type: | String |
Default: | C:/WebSphere/AppServer/properties/wsserver.key |
Range: | Any fully qualified path and file name of a WebSphere Application Server key file |
Data type: | Integer |
Units: | Seconds |
Default: | 300 (5 minute intervals) |
Range: | 0 - 600 (10 minute intervals) |
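The value constraints documented above can be checked before a client is deployed. The following is an added example, not IBM code: it lints the text of a sas.client.props file against the valid values, the retry range and the loginSource=properties dependency described on this page. The full names com.ibm.CSI.protocol and com.ibm.CORBA.authenticationTarget, case-insensitive value matching, and the sample file are assumptions.

```python
VALID = {
    "com.ibm.CSI.protocol": {"ibm", "csiv2", "both"},             # assumed full name
    "com.ibm.CORBA.authenticationTarget": {"basicauth", "ltpa"},  # assumed full name
    "com.ibm.CORBA.loginSource": {"prompt", "key file", "stdin", "none", "properties"},
}
RETRY = "com.ibm.CORBA.authenticationRetryCount"
SOURCE = "com.ibm.CORBA.loginSource"
CREDS = ("com.ibm.CORBA.loginUserid", "com.ibm.CORBA.loginPassword")

def parse_props(text):
    """Minimal Java-properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (property, problem) findings for the given file text."""
    props, findings = parse_props(text), []
    for key, allowed in VALID.items():
        value = props.get(key)
        # Values are compared case-insensitively (assumption).
        if value is not None and value.lower() not in allowed:
            findings.append((key, f"invalid value {value!r}"))
    if RETRY in props:
        count = props[RETRY]
        if not count.isdigit() or not 1 <= int(count) <= 10:
            findings.append((RETRY, "must be an integer from 1 to 10"))
    # loginSource defaults to prompt when it is not set.
    from_props = props.get(SOURCE, "prompt").lower() == "properties"
    for key in CREDS:
        if from_props and not props.get(key):
            findings.append((key, "required when loginSource=properties"))
        elif not from_props and props.get(key):
            findings.append((key, "ignored unless loginSource=properties"))
    if from_props and props.get(CREDS[1]):
        findings.append((CREDS[1], "password stored in file; restrict read access"))
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
com.ibm.CSI.protocol=sas
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryCount=25
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=appclient
"""
```

For the constructed sample, audit(SAMPLE) reports the sas protocol value, the out-of-range retry count and the missing loginPassword.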