Administration Console Online Help

Remote Tuxedo Access Points --> Security

Overview

Access Control Lists (ACLs) limit the access to local services within a local Tuxedo access point by restricting the remote Tuxedo access points that can execute these services. Inbound policy from a remote Tuxedo access point is specified using the AclPolicy element. Outbound policy towards a remote Tuxedo access point is specified using the CredentialPolicy element. This allows WebLogic Server and Tuxedo applications to share the same set of users and the users are able to propagate their credentials from one system to the other.

This release of WebLogic Tuxedo Connector provides the following AppKey Generator plug-ins to provide user security information to Tuxedo:

TpUsrFile—Provides traditional Tuxedo TpUserFile functionality for users who do not need single point security administration or custom security authentication.
LDAP— Provides single point security administration that allows you to maintain user security information in a WebLogic Server embedded LDAP server and use the WebLogic Server Console to administer the security information from a single system. Requires Tuxedo 8.1 and higher.
Custom.—Provides the ability for you to create customized security authentication.

Tasks

Configuring Security Attributes for Remote Tuxedo Access Points

Attributes

Table 430-1

Attribute Label	Description	Value Constraints
Acl Policy	The inbound access control list (ACL) policy toward requests from a remote access point. If Interoperate is set to Yes, AclPolicy is ignored. LOCAL: The local access point modifies the identity of service requests received from a given remote access point to the principal name specified in the local principal name for a given remote access point. GLOBAL: The local access point passes the service request with no change in identity. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `AclPolicy`	Default: "LOCAL" Valid values: "GLOBAL" "LOCAL"
Credential Policy	The outbound access control list (ACL) policy toward requests to a remote access point. If Interoperate is set to Yes, CredentialPolicy is ignored. LOCAL: The remote access point controls the identity of service requests received from the local access point to the principal name specified in the local principal name for this remote access point. GLOBAL: The remote access point passes the service request with no change. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `CredentialPolicy`	Default: "LOCAL" Valid values: "GLOBAL" "LOCAL"
Min Encryption Level	The minimum encryption key length (in bits) used when establishing a network connection for a local access point. A value of 0 indicates no encryption is used. The value of the MinEncrypBits attribute must be less than or equal to the value of the MaxEncrypBits attribute. A MinEncrypBits of 40 can be used only with access points running Tuxedo 7.1 or higher. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `MinEncryptBits`	Default: "0" Valid values: "0" "40" "56" "128"
Max Encryption Level	The maximum encryption key length (in bits) used when establishing a network connection for a local access point. A value of 0 indicates no encryption is used. The value of the MaxEncryptBits attribute must be greater than or equal to the value of the MinEncrypBits attribute. A MaxEncryptBits of 40 can be used only with access points running Tuxedo 7.1 or higher. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `MaxEncryptBits`	Default: "128" Valid values: "0" "40" "56" "128"
Allow Anonymous	Specifies whether the anonymous user is allowed to access Tuxedo. If the anonymous user is allowed to access Tuxedo, the default AppKey will be used for `TpUsrFile` and `LDAP` AppKey plug-ins. Interaction with the `Custom` AppKey plug-in depends on the design of the Custom AppKey generator. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `AllowAnonymous`	Default: false Valid values: true false
Default AppKey	The default AppKey value to be used by the anonymous user and other users who are not defined in the user database if the AppKey plug-in allows them to access Tuxedo. The `TpUsrFile` and `LDAP` plug-ins do not allow users that are not defined in user database to access Tuxedo unless `Allow Anonymous is enabled.` MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `DefaultAppKey`	Default: "-1"
AppKey Generator	Specifies the type of AppKey plug-in used. You can choose from the following: TpUsrFile. LDAP. Custom. The `TpUsrFile` is the default plug-in. It uses an imported Tuxedo TPUSR file to provide user security information. Previous releases of WebLogic Tuxedo Connector support this option. The `LDAP` plug-in utilizes an embedded LDAP server to provide user security information. The user record must define the Tuxedo UID and GID information in the `description` field. This functionality is not supported in previous releases of WebLogic Tuxedo Connector. A `Custom` plug-in is provided by users who write their own AppKey generator class to provide the security information required by Tuxedo. This functionality is not supported in previous releases of WebLogic Tuxedo Connector. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `AppKey`	Default: "TpUsrFile" Valid values: "TpUsrFile" "LDAP" "Custom"
Tp User File	The full path to the user password file containing UID/GID information. This file is generated by the Tuxedo `tpusradd` utility on the remote Tuxedo domain specified by the remote Tuxedo access point. A copy of this file must be available in your WebLogic Tuxedo Connector environment to provide correct authorization, authentication, and auditing. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `TpUsrFile`
Tuxedo UID Keyword	The keyword for Tuxedo UID (user id) when using the Tuxedo migration utility `tpmigldap`. This keyword is used to find the Tuxedo UID in the user record of the embedded LDAP database. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `TuxedoUidKw`	Default: "TUXEDO_UID"
Tuxedo GID Keyword	The keyword for Tuxedo GID (group id) used when using the Tuxedo migration utility `tpmigldap`. The keyword is used to find Tuxedo GID in the user record of the embedded LDAP database. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `TuxedoGidKw`	Default: "TUXEDO_GID"
Custom AppKey Class	The full pathname to the custom AppKey generator class. The class at this location is loaded at runtime if the `Custom` AppKey plug-in is selected. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `CustomAppKeyClass`
Custom AppKey Param	The optional parameters to be used by the custom AppKey class at the class initialization time. MBean: `weblogic.management. configuration. WTCRemoteTuxDomMBean` Attribute: `CustomAppKeyClassParam`

Remote Tuxedo Access Points --> Security

Overview

Tasks

Related Topics

Attributes