Identities defined in EAServer Manager configure client identities (user names, SSL certificates, or Entrust users) that can be assumed by executing components. For caller propagation, EAServer requires an identity to propagate a remote client's credentials to another server when it cannot include, as part of the request, the client's authentication data (password or a private key corresponding to an X.509 certificate). You configure a server (or container) to trust a set of identities that vouch for the client. These identities are known as trusted identities.
If a target server trusts an intermediate server, it is implied that the target server trusts all servers trusted by the intermediate server.
A server or container needs to establish a list of identities it trusts. Servers and containers use identities for the purpose of authentication. Other servers need to know the list of trusted identities for a server while connecting to it.
An identity is required when a server is making remote IIOP or IIOPS connections to other servers, and is not necessary for in-server or in-memory component calls. Use EAServer Manager to establish this identity at the server or application level.
Configuring a security identity for outgoing interserver calls
If necessary, define the identity to be used as described in “Configuring identities”.
Select the server or application for which you are configuring the security identity.
Select File | Server Properties or File | Application Properties.
Select the Security tab.
For a server, click the Set Trusted and Security Identities button. Select the security identity from the Security Identity drop-down list. For an application, select the security identity from the Security Identity drop-down list.
You can check the setting of your security identity from the Advanced tab by viewing the com.sybase.jaguar.server.security.identity property, and the com.sybase.jaguar.application.security.identity property. Do not set the security identity in the Advanced tab since these values are overwritten by the values set in the Security tab.
A trusted identity vouches for someone else and is always authenticated by the peer. Establish a list of trusted identities at the server or application level.
Establishing a list of trusted identities for incoming interserver calls
If necessary, define identities to be trusted as described in “Configuring identities”.
Select the server or application for which you are establishing trusted identities.
Select File | Server Properties or File | Application Properties.
Select the Security tab.
For a server, click the Set Trusted and Security Identities button. Click the Add button and highlight the identity you are adding from the drop-down list. Add as many identities as you want, one at a time. For an application, click the Add button and highlight the identity you are adding from the drop-down list. Add as many identities as you want, one at a time.
Use the Remove button to remove a trusted identity.
You can check the settings of your trusted identities from the Advanced tab by viewing the com.sybase.jaguar.server.trustedidentities property, and the com.sybase.jaguar.server.applicaiton.trustedidentities property. Do not set trusted identities in the Advanced tab since these values are overwritten by the values set in the Security tab.
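Because trust in an intermediate server implies trust in everything that server trusts, the list shown on the Security tab understates what a server actually accepts. The following audit sketch is an added example, not part of the original documentation or of EAServer; it assumes you have collected each server's security identity and trusted identities by hand into a dictionary, and all server and identity names in it are constructed.

```python
from collections import deque

# Constructed inventory (assumption, not EAServer output): for each server, the
# security identity it uses for outgoing calls and the identities it trusts.
SERVERS = {
    "web1":       {"security_identity": "id_web",     "trusted": []},
    "app1":       {"security_identity": "id_app",     "trusted": ["id_web"]},
    "app2":       {"security_identity": "id_app2",    "trusted": ["id_partner"]},
    "partner_gw": {"security_identity": "id_partner", "trusted": ["id_unknown"]},
    "data1":      {"security_identity": "id_data",    "trusted": ["id_app", "id_app2"]},
}

def effective_trust(servers, target):
    """Map every identity the target trusts, directly or by implication,
    to the chain of servers through which that trust is inherited."""
    # Which servers present a given identity on outgoing calls.
    owners = {}
    for name, cfg in servers.items():
        owners.setdefault(cfg["security_identity"], []).append(name)

    found = {}
    queue = deque((ident, [target]) for ident in servers[target]["trusted"])
    while queue:
        ident, path = queue.popleft()
        if ident in found:          # already reached; also stops trust cycles
            continue
        found[ident] = path
        # Trusting an intermediate server implies trusting what it trusts.
        for server in owners.get(ident, []):
            for inherited in servers[server]["trusted"]:
                queue.append((inherited, path + [server]))
    return found

def implied_only(servers, target):
    """Identities trusted only by implication, absent from the target's own list."""
    direct = set(servers[target]["trusted"])
    return {i: p for i, p in effective_trust(servers, target).items() if i not in direct}

if __name__ == "__main__":
    for ident, path in implied_only(SERVERS, "data1").items():
        print(f"data1 implicitly trusts {ident} via {' -> '.join(path)}")
```

An identity that appears in the output with no matching server in the inventory (here `id_unknown`) marks a trust edge that leaves the set of servers you have reviewed.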
Copyright © 2005. Sybase Inc. All rights reserved.