Use the following settings in the app_server_root/properties/sas.client.props file to configure Secure Authentication Service (SAS) and Common Secure Interoperability Version 2 (CSIv2) clients.
Use this property to specify the number of retries that occur until either a successful authentication occurs or the maximum retry value is reached.
When the maximum retry value is reached, the authentication exception is returned to the client.
Setting | Value |
---|---|
Data type | Integer |
Default | 3 |
Range | 1-10 |
Use this property to specify that a failed login attempt is retried. This property also determines if a retry occurs for other errors, such as stateful sessions that are not found on a server or validation failures at the server because of an expiring credential.
The minor code in the exception that is returned to a client determines which errors are retried. The number of retry attempts is dependent upon the com.ibm.CORBA.authenticationRetryCount property.
Setting | Value |
---|---|
Data type | Boolean |
Default | True |
Valid values | True, False |
Use this property to determine the type of authentication mechanism for sending security information from the client to the server.
If basic authentication is specified, the user ID and password are sent to the server. Using the Secure Sockets Layer (SSL) transport with this type of authentication is recommended; otherwise, the password is not encrypted. The target server must support the specified authentication target.
Setting | Value |
---|---|
Data type | String |
Default | BasicAuth |
Valid values | BasicAuth |
Use this property to specify the key file that is used to log in.
A key file is a file that contains a list of realm, user ID, and password combinations that a client uses to log into multiple realms. The realm that is used is the one found in the interoperable object reference (IOR) for the current method request. The value of this property is used when com.ibm.CORBA.loginSource=key file is set.
Setting | Value |
---|---|
Data type | String |
Default | C:/WebSphere/AppServer/properties/wsserver.key |
Range | Any fully qualified path and file name of a WebSphere Application Server key file. |
Use this property to specify the password when a properties login is configured and message layer authentication occurs.
This property is valid only when com.ibm.CORBA.loginSource=properties. Also set the com.ibm.CORBA.loginUserid property.
Setting | Value |
---|---|
Data type | String |
Range | Any string that is appropriate for a password in the configured user registry of the server. |
Use this property to specify how the request interceptor attempts to log in if it does not find an invocation credential already set.
When you set com.ibm.CORBA.loginSource=none for a remote method invocation (RMI) connection, whether using scripting with wsadmin or from other clients, the logged-in user's credentials are inherited. There is no need to specify a user ID or password at the command line or in the sas.client.props properties file. This inherited credential behavior when using com.ibm.CORBA.loginSource=none is only available on the z/OS platform.
Setting | Value |
---|---|
Data type | String |
Default | Prompt |
Valid values | Prompt, key file, stdin, none, properties |
Use this property to specify the length of time that the login prompt stays available before it is considered a failed login.
Setting | Value |
---|---|
Data type | Integer |
Units | Seconds |
Default | 300 (5 minute intervals) |
Range | 0 - 600 (10 minute intervals) |
Use this property to specify the user ID when a properties login is configured and message layer authentication occurs.
This property is valid only when com.ibm.CORBA.loginSource=properties. Also set the com.ibm.CORBA.loginPassword property.
Setting | Value |
---|---|
Data type | String |
Range | Any string that is appropriate for a user ID in the configured user registry of the server. |
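The constraints described above for com.ibm.CORBA.authenticationRetryCount, com.ibm.CORBA.loginSource, com.ibm.CORBA.loginUserid and com.ibm.CORBA.loginPassword can be checked before a client is deployed. The following audit script is an added example, not IBM code; the function names and the sample file are constructed, and comparing loginSource values case-insensitively is an assumption.

```python
import re

# Constructed sample; the values are illustrative, not from a real installation.
SAMPLE = """\
# sas.client.props (constructed sample)
com.ibm.CORBA.authenticationRetryCount=25
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=appclient
com.ibm.CORBA.loginPassword=
"""

P = "com.ibm.CORBA."
VALID_SOURCES = {"prompt", "key file", "stdin", "none", "properties"}

def parse_props(text):
    """Parse simple key=value or key:value lines; skip blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return findings for the login-related settings documented on this page."""
    props = parse_props(text)
    findings = []
    raw = props.get(P + "authenticationRetryCount", "3")  # documented default: 3
    if not raw.isdigit() or not 1 <= int(raw) <= 10:
        findings.append(f"authenticationRetryCount={raw!r} is outside the documented range 1-10")
    source = props.get(P + "loginSource", "prompt").lower()  # documented default: Prompt
    if source not in VALID_SOURCES:
        findings.append(f"loginSource={source!r} is not a documented value")
    user = props.get(P + "loginUserid", "")
    password = props.get(P + "loginPassword", "")
    if source == "properties":
        missing = [n for n, v in (("loginUserid", user), ("loginPassword", password)) if not v]
        if missing:
            findings.append("loginSource=properties but missing: " + ", ".join(missing))
    elif password:
        findings.append("loginPassword is set but loginSource is not properties; remove the stored secret")
    if source == "none":
        findings.append("loginSource=none: inherited credentials are only available on z/OS")
    return findings
```

Calling `audit(SAMPLE)` reports the out-of-range retry count and the missing password for the properties login.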
Use this property to determine if security is enabled for the client process.
Setting | Value |
---|---|
Data type | Boolean |
Default | True |
Valid values | True, False |
Use this property to determine if the user ID and password get validated immediately after the login data is entered when the authenticationTarget property is set to BasicAuth.
In previous releases, BasicAuth logins validated only with the initial method request. During the first request, the user ID and password are sent to the server. This request is the first time that the client can notice an error, if the user ID or password is incorrect. When validateBasicAuth is specified, the user ID and password are validated immediately with the security server.
For performance reasons, you might want to disable this property if you do not want to verify the user ID and password immediately. If the client program can wait, it is better to let the initial method request flow the user ID and password to the server. However, program logic might not be this simple because of error handling considerations.
Setting | Value |
---|---|
Data type | Boolean |
Default | True |
Valid values | True, False |