InfoCenter Home >
5: Securing applications -- special topics >
5.7: The Secure Association Service (SAS) >
5.7.5: SAS properties reference

5.7.5: SAS properties reference

This following describes the properties used in the configuration files sas.client.properties and sas.server.properties. These files contain lists of property-value pairs, using the syntax <property>=<value>.

The property names are case sensitive, but the values are not; the values are converted to lower case when the file is read. Note:  Secure Sockets Layer (SSL) settings are managed by the administrative console. Any editing changes made to the following properties in the sas.server.props file are overwritten at run time.

  • com.ibm.CORBA.SSLKeyRing
  • com.ibm.CORBA.SSLKeyRingPassword
  • com.ibm.CORBA.SSLServerKeyRing
  • com.ibm.CORBA.SSLServerKeyRingPassword
  • com.ibm.CORBA.SSLClientKeyRing
  • com.ibm.CORBA.SSLClientKeyRingPassword

In WebSphere Application Server version 4.0, some properties do not appear in the sas.server.props file. Instead, these properties must be configured by using the administrative console. The entry for each property indicates how it can be modified. Note:  Corruption of the sas.server.props file might cause the administrative server to fail to start. The sas.server.props file contains critical information for the administrative server. Back up the sas.server.props file regularly.

Authentication properties

com.ibm.CORBA.authenticationTarget
Specifies the mechanism for authenticating principals.

valid values: basicauth, localos, ltpa

default value: basicauth

client/server usage: can be directly edited in the sas.client.props file; the server-side value must be set by using the Security Center within the administrative console

com.ibm.CORBA.loginUserid
Holds the name of an authorized user of the user registry, used when the loginSource property is specified as properties. The corresponding password is stored in the loginPassword property.

valid values: a user name in the registry

default value: no default value

client/server usage: can be directly edited in the sas.client.props file; the server-side value must be set by using the Security Center within the administrative console

com.ibm.CORBA.loginPassword
Holds the password for the user named in the loginUserid property, use when the loginSource property is specified as properties.

valid values: the password for the user named in the loginUserid property

default value: no default value

client/server usage: can be directly edited in the sas.client.props file; the server-side value must be set by using the Security Center within the administrative console

com.ibm.CORBA.principalName
Specifies the principal under which the WebSphere administrative server runs. The format is REALM/userID.

valid values: a realm name and a user name in the registry

default value: no default value

client/server usage: can be directly edited in the sas.client.props file; the server-side value must be set by using the Security Center within the administrative console

com.ibm.CORBA.loginSource
Indicates the source for the user IDs and passwords.

valid values: prompt, properties, stdin, key file, none

  • The value stdin is supported only in the sas.client.props file.
  • The value none is typically used for applications that perform programmatic logins before they require credentials on a thread of execution.

default value: prompt

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.loginTimeout
Specifies the length of time (in seconds) for which the login window is displayed to a user for entering login information (realm, user ID, password).

valid values: 0 to 600 (0 to 10 minutes)

default value: 300 (5 minutes)

client/server usage: sas.client.props and sas.server.props

SSL Properties

For more information on configuring SSL, see 5.7.3: ORB SSL Configuration.

Miscellaneous properties

com.ibm.CORBA.securityEnabled
Indicates whether security is enabled or not.

valid values: false, no, true, yes

default value: true

client/server usage: can be directly edited in the sas.client.props file; the server-side value must be set by using the Security Center within the administrative console

com.ibm.CORBA.bootstrapRepositoryLocation
Holds the full path of the bootstrap repository file, which contains information about security properties needed during the boot process.

valid values: the absolute path to the repository file

default value: <server_root>/etc/secbootstrap

client/server usage: sas.server.props only

Trace and message properties

com.ibm.CORBA.securityDebug
Specifies whether debugging messages are displayed on the console or not.

valid values: console, false, no, true

default value: false

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.securityTraceLevel
Determines the level of tracing provided.

valid values: none, basic, intermediate, advanced

  • Trace level basic reports basic messages and is rarely used
  • Trace level intermediate is typically used to troubleshoot long-run problems to minimize tracing
  • Trace level advanced is used in most cases for troubleshooting

default value: none

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.securityTraceOutput
Determine the output file for SAS when file, fileappend, or both are chosen for the output mode properties (securityActivityOutputMode, securityErrorsOutputMode, securityExceptionsOutputMode, or securityTraceOutputMode).

valid values: a valid path and file name in the file system.

default value: <server.root>/logs/sas.log

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.securityActivityOutputMode
Determines where to direct activity messages.

valid values: none, file, fileappend, console, both

  • file: output goes to the destination set in the com.ibm.CORBA.securityTraceOutput property and a new file is created after each server restart.
  • fileappend: output goes to the destination in the com.ibm.CORBA.securityTraceOutput property and new output is appended after each server restart.
  • console: output is redirected to the standard output stream.
  • both: output is redirected to both the standard output stream and to the destination set in the com.ibm.CORBA.securityTraceOutput property, and a new file is created after each server restart.
  • none: no output occurs.

default value: file

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.securityErrorsOutputMode
Determines where to direct error messages.

valid values: none, file, fileappend, console, both
(The values work as described for the securityActivityOutputMode property.)

default value: both

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.securityExceptionsOutputMode
Determines where to direct exception messages.

valid values: none, file, fileappend, console, both
(The values work as described for the securityActivityOutputMode property.)

default value: file

client/server usage: sas.client.props and sas.server.props

com.ibm.CORBA.securityTraceOutputMode
Determines where to direct trace messages. Client and server side.

valid values: none, file, fileappend, console, both
(The values work as described for the securityActivityOutputMode property.)

default value: file

client/server usage: sas.client.props and sas.server.props

Go to previous article: SAS Trace Go to next article: SAS Programming Introduction

 

 
Go to previous article: SAS Trace Go to next article: SAS Programming Introduction