
Using Security in ATMI Applications


Introducing ATMI Security

What Security Means

Security Plug-ins

ATMI Security Capabilities

Operating System (OS) Security

Authentication

Authentication Plug-in Architecture

Understanding Delegated Trust Authentication

Establishing a Session

Getting Authorization and Auditing Tokens

Replacing Client Tokens with Server Tokens

Implementing Custom Authentication

Authorization

Authorization Plug-in Architecture

How the Authorization Plug-in Works

Default Authorization

Custom Authorization

Implementing Custom Authorization

Auditing

Auditing Plug-in Architecture

How the Auditing Plug-in Works

Default Auditing

Custom Auditing

Implementing Custom Auditing

Link-Level Encryption

How LLE Works

Encryption Key Size Negotiation

Determining Min-Max Values

Finding a Common Key Size

Backward Compatibility of LLE

Interoperating with Release 6.5 BEA Tuxedo Software

Interoperating with Pre-Release 6.5 BEA Tuxedo Software

WSL/WSH Connection Timeout During Initialization

LLE Installation and Licensing

Public Key Security

PKCS-7 Compliant

Supported Algorithms for Public Key Security

Public Key Algorithms

Digital Signature Algorithms

Symmetric Key Algorithms

Message Digest Algorithms

Public Key Installation and Licensing

Message-based Digital Signature

Digital Certificates

Certification Authority

Certificate Repositories

Public-Key Infrastructure

Message-based Encryption

Public Key Implementation

Public Key Initialization

Key Management

Certificate Lookup

Certificate Parsing

Certificate Validation

Proof Material Mapping

Implementing Custom Public Key Security

Default Public Key Implementation

Default Authentication and Authorization

Client Naming

User-Client Names

Application Key

User, Group, and ACL Files

Optional and Mandatory ACLs

Security Interoperability

Interoperating with Pre-Release 7.1 Software

Interoperability for Link-Level Encryption

Interoperability for Public Key Security

Security Compatibility

Mixing Default/Custom Authentication and Authorization

Mixing Default/Custom Authentication and Auditing

Compatibility Issues for Public Key Security

Compatibility/Interaction with Data-dependent Routing

Compatibility/Interaction with Threads

Compatibility/Interaction with the EventBroker

Compatibility/Interaction with /Q

Compatibility/Interaction with Transactions

Compatibility/Interaction with Domain Gateways

Compatibility/Interaction with Other Vendors' Gateways

Administering Security

What Administering Security Means

Security Administration Tasks

Setting the BEA Tuxedo Registry

Purpose of the BEA Tuxedo Registry

Registering Plug-ins

Configuring an ATMI Application for Security

Editing the Configuration File

Changing the TM_MIB

Using the BEA Administration Console

Setting Up the Administration Environment

Administering Operating System (OS) Security

Recommended Practices for OS Security

Administering Authentication

Specifying Principal Names

How System Processes Acquire Credentials

Why System Processes Need Credentials

Example UBBCONFIG Entries for Principal Names

Mandating Interoperability Policy

Establishing an Identity for an Older Client

How the WSH Establishes an Identity for an Older Client

How the Domain Gateway Establishes an Identity for an Older Client

How the Server Establishes an Identity for an Older Client

Summarizing How the CLOPT -t Option Works

Example UBBCONFIG Entries for Interoperability

Establishing a Link Between Domains

Example DMCONFIG Entries for Establishing a Link

Setting ACL Policy

Impersonating the Remote Domain Gateway

Example DMCONFIG Entries for ACL Policy

Setting Credential Policy

Administering Authorization

Administering Link-Level Encryption

Understanding min and max Values

Verifying the Installed LLE Version

How to Configure LLE on Workstation Client Links

How to Configure LLE on Bridge Links

How to Configure LLE on tlisten Links

How to Configure LLE on Domain Gateway Links

Administering Public Key Security

Recommended Practices for Public Key Security

Assigning Public-Private Key Pairs

Setting Digital Signature Policy

Setting a Postdated Limit for Signature Timestamps

Setting a Predated Limit for Signature Timestamps

Enforcing the Signature Policy for Incoming Messages

How the EventBroker Signature Policy Is Enforced

How the /Q Signature Policy Is Enforced

How the Remote Client Signature Policy Is Enforced

Setting Encryption Policy

Enforcing the Encryption Policy for Incoming Messages

How the EventBroker Encryption Policy Is Enforced

How the /Q Encryption Policy Is Enforced

How the Remote Client Encryption Policy Is Enforced

Initializing Decryption Keys Through the Plug-ins

Failure Reporting and Auditing

Digital Signature Error Handling

Encryption Error Handling

Administering Default Authentication and Authorization

Designating a Security Level

Establishing Security by Editing the Configuration File

Establishing Security by Changing the TM_MIB

Establishing Security by Using the BEA Administration Console

Configuring the Authentication Server

How to Enable Application Password Security

How to Enable User-Level Authentication Security

Setting Up the UBBCONFIG File

Setting Up the User and Group Files

Converting System Security Data Files to BEA Tuxedo User and Group Files

Adding, Modifying, or Deleting Users and Groups

Enabling Access Control Security

How to Enable Optional ACL Security

Setting Up the UBBCONFIG File

Setting Up the ACL File

How to Enable Mandatory ACL Security

Setting Up the UBBCONFIG File

Setting Up the ACL File

Using the Kerberos Authentication Plug-in

Kerberos Plug-In

Kerberos Supported Platforms

Kerberos Plug-in Features

Kerberos Plug-In Pre-configuration

Kerberos Plug-In Configuration

Configure the Kerberos Plug-in

Restore Default Plug-in

Configure KAUTHSVR

Configure Tuxedo Native Client

Limitations

See Also

Using the Cert-C PKI Encryption Plug-in

Cert-C PKI Encryption Plug-In

Cert-C PKI Encryption Plug-In Pre-configuration

Cert-C PKI Encryption Plug-In Configuration

Configure Certificate Lookup

ldapUserCertificate

ldapBaseObject

ldapFilterAttribute

ldapBaseDNAttribute

Configure Key Management

decPassword

privateKeyDir

Configure Certificate Parsing

Configure Certificate Validation

caCertificateFile

crlFile

Sample Registry Command File

Limitations

See Also

Programming Security

What Programming Security Means

Programming an ATMI Application with Security

Setting Up the Programming Environment

Writing Security Code So Client Programs Can Join the ATMI Application

Getting Security Data

Joining the ATMI Application

Transferring the Client Security Data

Calling a Service Request Before Joining the ATMI Application

Writing Security Code to Protect Data Integrity and Privacy

ATMI Interface for Public Key Security

Recommended Uses of Public Key Security

Sending and Receiving Signed Messages

Writing Code to Send Signed Messages

Step 1: Opening a Key Handle for Digital Signature

Step 2 (Optional): Getting Key Handle Information

Step 3 (Optional): Changing Key Handle Information

Step 4: Allocating a Buffer and Putting a Message in the Buffer

Step 5: Marking the Buffer for Digital Signature

Step 6: Sending the Message

Step 7: Closing the Signer's Key Handle

How the System Generates a Digital Signature

How a Signed Message Is Received

Verifying Digital Signatures

Verifying and Transmitting an Input Buffer's Signatures

Replacing an Output Buffer's Signatures

Sending and Receiving Encrypted Messages

Writing Code to Send Encrypted Messages

Step 1: Opening a Key Handle for Encryption

Step 2 (Optional): Getting Key Handle Information

Step 3 (Optional): Changing Key Handle Information

Step 4: Allocating a Buffer and Putting a Message in the Buffer

Step 5: Marking the Buffer for Encryption

Step 6: Sending the Message

Step 7: Closing the Encryption Key Handle

How the System Encrypts a Message Buffer

Writing Code to Receive Encrypted Messages

Step 1: Opening a Key Handle for Decryption

Step 2 (Optional): Getting Key Handle Information

Step 3 (Optional): Changing Key Handle Information

Step 4: Closing the Decryption Key Handle

How the System Decrypts a Message Buffer

Examining Digital Signature and Encryption Information

What Happens When an Originating Process Calls tpenvelope

What Happens When a Receiving Process Calls tpenvelope

Understanding the Composite Signature Status

Example Code for tpenvelope

Externalizing Typed Message Buffers

How to Create an Externalized Representation

How to Convert an Externalized Representation

Example Code for tpexport and tpimport

Implementing Single Point Security Administration

What Single Point Security Administration Means

Single Point Security Administration Tasks

Setting up LAUTHSVR as the Authentication Server

LAUTHSVR Command Line Interface

Setting Up the LAUTHSVR Configuration File

Sample UBBCONFIG Using LAUTHSVR

Using Multiple Network Addresses for High Availability

Configuring the Database Search Order

Using tpmigldap to Migrate User Information to WebLogic Server

Assigning New Passwords for the tpusr File

tpmigldap Command Line Options

Adding New Tuxedo User Information

Adding New User Information in tpusr or tpgrp

Adding New User Information Using the WebLogic Administration Console

 
