iPlanet Web Server: Plug-in for Trustbase services 1.0 Installation, Configuration and Developer's Guide
Chapter 3 Configuration
The following must be configured:
- Logging can be done either to Oracle or directly to a file. You specify where your logging should take place in:
  /build/config/authservlet.properties
- If you are using Oracle, the way users are generated and the tablespaces defined may differ from site to site; contact the site DBA for advice. The following parameters must be defined: Oracle login name, Oracle login password, PBEPassword (set the same as the Oracle login password), Oracle hostname, Oracle port number and Oracle SID. Because this file then holds the Oracle login password, restrict its read permissions to the account the web server runs as.
Installation Pre-requisite
You should download from http://technet.oracle.com/software/download.htm:
- JDBC Thin / 100% Java API for JDK 1.1.x
The filename used might be oracle-jdbc-815.zip or classes12_01.zip depending on the version of Oracle you are using. Copy this file into the <iws_servlet_directory>. Then make sure the location of this file is appended to the classpath within jvm12.conf.
Running the iPlanet Web Server: Plug-in for Trustbase services SQL Scripts
Switch to the Oracle user and run server manager:
The database must be enabled to support the UTF8 character set. The following script is an example of how to achieve this.
Create an iPlanet Web Server: Plug-in for Trustbase services user; you may need to change the username, password and default tablespaces depending on site policy:
Connect as the iPlanet Web Server: Plug-in for Trustbase services user and run the scripts:
The following changes need to be made to authservlet.properties
iWSPTS Configuration
The properties files, with iWS 4.1, can be found in:
<iws4.1_Install_directory>/https-<instance_name>/config/Authservlet.properties
<iws4.1_Install_directory>/https-<instance_name>/config/configservlet.properties
<iws4.1_Install_directory>/https-<instance_name>/config/dsmsservlet.properties
The properties files, with iWS 6.0, can be found in:
<iwspts_Install_Directory>/config/Authservlet.properties
<iwspts_Install_Directory>/config/configservlet.properties
<iwspts_Install_Directory>/config/dsmsservlet.properties
and should be configured dynamically from the Web Server as follows:
Figure 3-1    Logon Main Menu
Configuring Authservlet.properties
Most of the configuration you can perform is centered around <iws_install_directory>/https-<iws-server-instance>/config/authservlet.properties
Figure 3-2    Authentication Servlet
This file controls the behaviour of both the authentication servlet and the cookie authorisation modules. The file is divided into sections and each section controls a different element. The Authservlet section controls the authentication servlet as a whole entity: it controls which signing certificates are used and whether or not to log any data at all. The cengine section controls the cookie authorisation: it controls which certificate to consider the server certificate. The LogManager section controls the authentication servlet's logging behaviour; its configuration will be familiar to Trustbase transaction manager installers as it is exactly the same. It is used to configure the behaviour of the error, access and raw logs used by the servlet. The CookieGenerator section controls which cookie generators are available to the authentication servlet and how they are configured.
Database Provider
This is a module of the Authentication Servlet and it controls how a username entered by the user is associated with an LDAP database entry. Inside the LDAP database you must add the Base64-encoded certificate for a user to that user's LDAP entry, i.e. the Base64 body only, not a PEM file with its header and footer lines. The attribute you need to add it to is "usersmimecertificate" by default, but this can be changed with the "LdapDatabase.Property=CertificateElement=" property inside the DatabaseProvider section. You can control which Database Provider is chosen by using the setting in the AuthServlet section - see below.
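The lookup the Database Provider performs, as an added example that is neither the plug-in's code nor taken from this guide: it reads the CertificateElement setting, finds the user's entry and decodes the Base64 attribute into DER. The LDAP directory is stood in for by an in-memory dictionary, the section layout around the documented LdapDatabase.Property key is assumed, and the certificate bytes are a constructed DER placeholder (SEQUENCE { INTEGER 1 }), not a real X.509 certificate. The bob entry shows the failure mode of storing a whole PEM file in the attribute.

```python
"""Added example (not iWSPTS code): Database Provider lookup of a user's
Base64 certificate from the LDAP attribute named by CertificateElement."""
import base64
import re

# Constructed properties fragment. Only the LdapDatabase.Property key and
# the CertificateElement= value are documented; the section header and the
# attribute name chosen here are assumptions.
AUTHSERVLET_PROPERTIES = """\
# DatabaseProvider section (layout assumed)
LdapDatabase.Property=CertificateElement=userSMIMECertificate
"""

DEFAULT_CERT_ATTRIBUTE = "usersmimecertificate"  # the documented default

# Stand-in for the LDAP directory: username -> attributes. The certificate
# value is a constructed DER SEQUENCE { INTEGER 1 } (30 03 02 01 01), not a
# real certificate; bob's entry shows the PEM-armour-in-attribute mistake.
SAMPLE_DIRECTORY = {
    "alice": {"cn": "alice", "userSMIMECertificate": "MAMCAQE="},
    "bob": {"cn": "bob", "userSMIMECertificate":
            "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----"},
}


def certificate_element(properties_text):
    """Return the LDAP attribute that holds the certificate, falling back to
    the documented default when the property is absent or malformed."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        if key.strip() == "LdapDatabase.Property":
            m = re.fullmatch(r"CertificateElement=([A-Za-z][\w-]*)", value.strip())
            if m:
                return m.group(1)
    return DEFAULT_CERT_ATTRIBUTE


def pem_to_attribute_value(pem_text):
    """What to store in the attribute: the Base64 body with the PEM header
    and footer lines and line breaks removed."""
    body = [l.strip() for l in pem_text.splitlines()]
    return "".join(l for l in body if l and not l.startswith("-----"))


def der_sequence_length(blob):
    """Parse the outer DER SEQUENCE header; return (header_len, content_len)."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("value does not start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:
        return 2, first
    n = first & 0x7F
    if n == 0 or len(blob) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n, int.from_bytes(blob[2:2 + n], "big")


def decode_certificate(attr_value):
    """Decode the attribute and insist it is exactly one DER SEQUENCE. This
    rejects PEM armour, truncated values and trailing junk before the bytes
    reach the certificate status check."""
    compact = "".join(attr_value.split())  # tolerate clipped/wrapped Base64 lines
    try:
        der = base64.b64decode(compact, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError("attribute is not clean Base64: %s" % exc)
    hdr, body = der_sequence_length(der)
    if hdr + body != len(der):
        raise ValueError("DER length %d does not match %d bytes stored" % (hdr + body, len(der)))
    return der


def lookup_certificate(directory, username, attribute):
    """Map the entered username to its entry and return the DER certificate.
    LDAP attribute names are case-insensitive, so match them that way."""
    entry = directory.get(username)
    if entry is None:
        raise LookupError("no LDAP entry for %r" % username)
    for name, value in entry.items():
        if name.lower() == attribute.lower():
            return decode_certificate(value)
    raise LookupError("entry for %r has no %s attribute" % (username, attribute))


if __name__ == "__main__":
    attr = certificate_element(AUTHSERVLET_PROPERTIES)
    for user in SAMPLE_DIRECTORY:
        try:
            print(user, lookup_certificate(SAMPLE_DIRECTORY, user, attr).hex())
        except (LookupError, ValueError) as exc:
            print(user, "rejected:", exc)
```

The length check matters because a value that base64-decodes cleanly can still be a truncated or padded blob; insisting that the outer SEQUENCE accounts for every stored byte turns a later, harder-to-diagnose failure in the status check into an immediate provisioning error.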
CookieGenerator
This is a module of the Authentication Servlet and it controls the contents of the cookie that is generated in response to a successful Certificate Status Check.
LogManager
Activate Logging: controls whether or not these logs are written to.
Authservlet
This section is also expected to contain any settings you wish to make to control the DSMS, and it selects which Database Provider is used (see Database Provider above).
Cengine
This section controls the cookie checking software. The properties available are:
ServerCertNickName (Property Type: String; Default: none): the nick name of the server certificate that is being used to sign the cookies.
Configuring configurationservlet.properties
Configuration Level: controls the number of configuration options that are provided; it effectively provides beginner, medium and advanced settings. Valid values: 1, 2, 3. Default: 1.
Require Authentication: controls whether the configuration servlet demands the password for the keystore when attempting to change the configuration. Valid values: ticked/not ticked. Default: ticked.
Require SSL Secure Connections: controls whether the configuration servlet will accept connections only through secure connections or through both secure and insecure connections. Valid values: ticked/not ticked. Default: ticked. Leave this ticked: with it unticked, the keystore password demanded by Require Authentication can be submitted over an unencrypted connection.
Figure 3-3    Configuration Servlet
Configuring dsmsdemoservlet.properties
This file can be configured as follows:
Figure 3-4    Demonstration Servlet
Signing Certificate Nick Name: the nick name of the certificate you are using for signing messages between the authoritative entities and the webserver.
SSL Signing Certificate Nick Name: the nick name of the certificate you are using for SSL transactions between the authoritative entities and the webserver.
Verification Certificate Nick Name: the nick names of the certificates you are using as trust anchors, to verify the signed messages you receive from authoritative entities.
Insist On Freshness Proof Presence: controls whether we insist on the presence of a freshness proof; if one is not provided we will attempt to get one.
Generate Nonce: controls whether nonces are generated or not. A nonce ties a status response to the request that produced it, so leaving this off allows an old response to be replayed.
Preferred Protocol: controls which protocol is used to perform certificate status checks. Valid values: "identrus" or "ocsp". Default: "identrus".
Protocol Version: controls what version of the protocol we use. Valid values: 0, 1, 2. Default: 0.
Force Default Location: controls whether we ignore the Authority Information Access (AIA) extension of a certificate and send our check to the location specified in Default Location.
Maximum Time Proof: controls how long a freshness proof is considered valid since its generation. This value is specified in seconds.
Create Signed OCSP: controls whether we sign OCSP requests that we generate. This setting is overridden under the identrus protocol, where requests are never signed.
Verify Signed OCSP: controls whether we verify signed OCSP responses that we receive. This setting is overridden under the identrus protocol, where they are not checked. Under ocsp, leave this on: with it off, a response's signature is not checked against your trust anchors.
Clip Base64 Lines: controls whether the Base64 generated is clipped to a line length.
Default Location: the location to send transactions to if Force Default Location is set to "Yes".
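Added example covering both the configuration servlet settings above and the DSMS settings in this list; it is not the plug-in's code and is not taken from this guide. It reads a properties text, checks each setting against this chapter's defaults and the notes above, and lists what is wrong with a weak file beside a corrected one. The key names (RequireSSL, VerifySignedOCSP and so on), the 600-second proof-age limit and the responder address are assumptions; the real keys in configservlet.properties and dsmsdemoservlet.properties may differ, so map them before running this against a live file.

```python
"""Added example (not iWSPTS code): offline audit of the configuration
servlet and DSMS settings described above, with a weak file beside the
corrected one. Key names are assumptions derived from the settings' labels."""


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, key=value or
    key:value, backslash line continuation; later keys override earlier."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        sep = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if sep < 0:
            props[line] = ""
        else:
            props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def enabled(props, key):
    """Treat the UI's 'ticked' and the usual boolean spellings as on."""
    return props.get(key, "").strip().lower() in ("true", "yes", "on", "1", "ticked")


MAX_PROOF_AGE_SECONDS = 600  # assumed site policy for Maximum Time Proof


def audit(props):
    """Return findings (strings); an empty list means nothing to fix."""
    findings = []
    # configservlet.properties
    if not enabled(props, "RequireSSL"):
        findings.append("RequireSSL off: configuration changes accepted over plain HTTP")
    if not enabled(props, "RequireAuthentication"):
        findings.append("RequireAuthentication off: keystore password not demanded")
    elif not enabled(props, "RequireSSL"):
        findings.append("keystore password would be submitted over a non-SSL connection")
    # dsmsdemoservlet.properties
    proto = props.get("PreferredProtocol", "identrus").strip().lower()
    if proto not in ("identrus", "ocsp"):
        findings.append("PreferredProtocol %r is not identrus or ocsp" % proto)
    if props.get("ProtocolVersion", "0").strip() not in ("0", "1", "2"):
        findings.append("ProtocolVersion must be 0, 1 or 2")
    if proto == "ocsp" and not enabled(props, "VerifySignedOCSP"):
        # Under identrus this setting is overridden, so it is only checked for ocsp.
        findings.append("VerifySignedOCSP off: OCSP response signatures are not verified")
    if not enabled(props, "GenerateNonce"):
        findings.append("GenerateNonce off: a captured status response could be replayed")
    if not enabled(props, "InsistOnFreshnessProof"):
        findings.append("InsistOnFreshnessProof off: responses without a freshness proof accepted")
    try:
        age = int(props.get("MaximumTimeProof", "0"))
    except ValueError:
        age = -1
    if not 0 < age <= MAX_PROOF_AGE_SECONDS:
        findings.append("MaximumTimeProof %r outside 1..%d seconds"
                        % (props.get("MaximumTimeProof"), MAX_PROOF_AGE_SECONDS))
    if enabled(props, "ForceDefaultLocation") and not props.get("DefaultLocation", "").strip():
        findings.append("ForceDefaultLocation on but DefaultLocation is empty")
    return findings


# Constructed samples; both files are merged into one text for brevity.
WEAK_SETTINGS = """\
RequireSSL=false
RequireAuthentication=true
PreferredProtocol=ocsp
ProtocolVersion=0
VerifySignedOCSP=false
GenerateNonce=false
InsistOnFreshnessProof=false
MaximumTimeProof=86400
ForceDefaultLocation=true
DefaultLocation=
"""

HARDENED_SETTINGS = """\
RequireSSL=true
RequireAuthentication=true
PreferredProtocol=ocsp
ProtocolVersion=0
VerifySignedOCSP=true
CreateSignedOCSP=true
GenerateNonce=true
InsistOnFreshnessProof=true
MaximumTimeProof=300
ForceDefaultLocation=true
# hypothetical responder address
DefaultLocation=http://ocsp.example.test/
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(label, audit(parse_properties(text)) or ["ok"])
```

The VerifySignedOCSP check is deliberately skipped when the protocol is identrus, mirroring the override described above; a checker that flagged it regardless would produce findings nobody can act on.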
Copyright © 2001 Sun Microsystems, Inc.
Last Updated September 24, 2001