To use the Web server plug-in, you must configure some of the properties that are defined in the SybSecurityPluginConfig.txt file. At initialization time, the plug-in reads the parameters defined in Table 11-1 from the SybSecurityPluginConfig.txt configuration file.
Before you start the Web server, set the following environment variables:
JAGUAR_SERVER_IIOP_URL – the URL that represents the location of EAServer. Change the IIOP host to the host where EAServer is installed, and change the port to your EAServer port number.
MISC_INFO_FILE – must point to the default_credential.txt file.
The password for the EPWebServerPlugin user is defined in default_credential.txt and used for credential checks. If you change the password in this file, you must also change the password using Enterprise Security Manager—see “Viewing and updating a user account”.
Set these environment variables to the following values:
SYB_EP_WEB_VALID_LOGIN_PAGE = /syb_ep_web_valid_login.html
SYB_EP_WEB_INVALID_LOGIN_PAGE = /syb_ep_web_invalid_login.html
SYB_EP_WEB_LOGIN_PAGE = /syb_ep_weblogin.html
SYB_EP_WEB_LOGOUT_PAGE = /syb_ep_weblogout.html
SYB_EP_WEB_PLUGIN_ERROR_PAGE = /syb_ep_web_plugin_error.html
SECURITY_PLUGIN_LOG_FILE_PATH – set to the full path of the plugin.log file.
WEBSERVER_IP_ADDRESS – set to the IP address of the Web server.
Property | Value |
---|---|
APACHE_PORT_AVAIL[num] | The number of each port available for the Apache servers. The number of entries for this parameter should match the value entered for MAX_APACHE_PORTS. For example, if MAX_APACHE_PORTS=5, there should be five entries in the plug-in configuration file to specify five different ports; for example: APACHE_PORT_AVAIL1=3001, APACHE_PORT_AVAIL2=3002, APACHE_PORT_AVAIL3=3003, APACHE_PORT_AVAIL4=3004, APACHE_PORT_AVAIL5=3005 |
CONN_CACHE_MAX_ENTRY_TIME | This property specifies how long (in seconds) an idle session can stay in the connection cache. If a session is idle for this amount of time, the session is flushed out of the connection cache. Typically, this value should be equal to the PortalSession bean timeout value. See the PortalSession bean property com.sybase.jaguar.component.timeout. |
DEBUG | Set to true to enable debugging. |
IPLANET_BIND_PORT | Specifies the port number the Web server could use to open a TCP/IP socket to communicate with EAServer. This TCP/IP socket is opened using the INADDR_ANY system macro (effective for all network cards for which the Web server is configured) in the Internet domain. |
JAGUAR_SERVER_IIOP_URL | The URL that represents the location of EAServer. |
LOG_UNPROTECTED_URL_CACHE_ACTIVITY | True or false. If true, an event is logged whenever a session is cached or removed. The number of entries in the cache at the moment is logged. If a user cannot connect due to a full connection cache, the failure is logged. Other information is logged as necessary. The default is “false.” |
MAX_APACHE_PORTS | The number of ports available for the Apache servers. The Apache server spawns multiple child servers at runtime based on the server load. There should be more ports available if several child servers are spawned. Each child server binds to one port at start time. |
SECURITY_PLUGIN_LOG_FILE | The location of the log file where statistics are recorded. |
SET_COOKIE_MAX_AGE | True or false. If this parameter is set to true, the plug-in sets the Max_Age of the cookie to the value specified by SYB_SESSION_COOKIE_AGE. If this parameter is set to false, the plug-in does not set the Cookie Max_Age value. This leads to the cookie being nonpersistent in the client browser (recommended). |
SYB_EP_WEB_LOGIN_PAGE | The login page URL relative to the Web server’s document root location. |
SYB_EP_WEB_LOGOUT_PAGE | The logout page URL relative to the Web server’s document root location. The plug-in redirects clients to this page when either: |
SYB_QOP | Specifies the QOP that the plug-in uses. The only QOP currently supported is “sybpks_intl,” which is set as the default value. |
SYB_SESSION_COOKIE_AGE | If SET_COOKIE_MAX_AGE is set to true, the plug-in sets the Max_Age value as specified. Value in seconds. |
SYB_SESSION_COOKIE_DOMAIN | If “NOT_SPECIFIED”, the plug-in does not set the domain value, or else the domain has to be specified beginning with a period (for example, .sybase.com). |
SYB_SESSION_COOKIE_NAME | Specifies the name of the cookie as it will be seen in the client browser if the appropriate browser options are enabled. After the plug-in authenticates the user, it creates an HTTP cookie and sends it back to the Web browser. |
SYB_SESSION_COOKIE_PATH | Specifies the cookie path. Recommended value is “/”. |
UNPROTECTED_URL_CACHE_FLUSH_SIZE | The number of entries to flush out of the URL cache when the cache is full. |
UNPROTECTED_URL_CACHE_MAX_SIZE | The number of entries in the unprotected URL cache. |
WEBSERVER_IP_ADDRESS | The IP address EAServer can use to open a TCP/IP client socket to the Web server. The security EJB opens a TCP/IP socket to this server and sends messages to instruct the plug-in to flush the unprotected URL cache when a URL asset is created, updated, or deleted in the ACDB. |
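
The constraints stated in the table (port entries matching MAX_APACHE_PORTS, the cookie domain format, the recommended cookie settings) can be checked before the Web server is started. The following Python check is an added example, not part of the product or of this documentation; it assumes the file holds KEY=VALUE lines as in the APACHE_PORT_AVAIL1=3001 example, treats lines beginning with # as comments, and uses hypothetical finding names.

```python
import re

# Constructed sample, not a shipped file. KEY=VALUE lines follow the page's
# APACHE_PORT_AVAIL1=3001 example; treating '#' as a comment is an assumption.
SAMPLE = """\
# constructed example
MAX_APACHE_PORTS=3
APACHE_PORT_AVAIL1=3001
APACHE_PORT_AVAIL2=3001
SET_COOKIE_MAX_AGE=true
SYB_SESSION_COOKIE_DOMAIN=sybase.com
SYB_SESSION_COOKIE_PATH=/
"""

def parse_config(text):
    """Return a dict of the KEY=VALUE pairs, skipping blanks and comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_config(props):
    """Return findings (hypothetical names) for rules in the property table."""
    findings = []
    ports = {k: v for k, v in props.items()
             if re.fullmatch(r"APACHE_PORT_AVAIL\d+", k)}
    declared = props.get("MAX_APACHE_PORTS", "")
    # One APACHE_PORT_AVAIL[num] entry is expected per MAX_APACHE_PORTS.
    if (declared or ports) and (not declared.isdecimal()
                                or int(declared) != len(ports)):
        findings.append("port-count-mismatch")
    # The entries must name different, valid TCP ports.
    if len(set(ports.values())) != len(ports):
        findings.append("duplicate-port")
    if any(not v.isdecimal() or not 1 <= int(v) <= 65535 for v in ports.values()):
        findings.append("invalid-port")
    # Cookie domain is NOT_SPECIFIED or begins with a period.
    domain = props.get("SYB_SESSION_COOKIE_DOMAIN")
    if domain not in (None, "NOT_SPECIFIED") and not domain.startswith("."):
        findings.append("cookie-domain-format")
    # Max_Age is sent only when SET_COOKIE_MAX_AGE is true; it then needs seconds.
    if props.get("SET_COOKIE_MAX_AGE", "").lower() == "true":
        findings.append("persistent-cookie")  # the table recommends false
        if not props.get("SYB_SESSION_COOKIE_AGE", "").isdecimal():
            findings.append("cookie-age-missing")
    if props.get("SYB_SESSION_COOKIE_PATH", "/") != "/":
        findings.append("cookie-path-not-root")  # the table recommends "/"
    return findings

if __name__ == "__main__":
    print(check_config(parse_config(SAMPLE)))
```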