Client security properties

Use this page to configure client security for a catalog service domain. These settings apply to all the servers in your catalog service domain. These properties can be overridden by specifying a splicer.properties file with the com.ibm.websphere.xs.sessionFilterProps custom property or by splicing the application EAR file.

To view this administrative console page, click System administration > WebSphere eXtreme Scale > Catalog service domains > catalog_service_domain_name > Client security properties.

Enable client security

Specifies that client security is enabled for the catalog server. The server properties file that is associated with the selected catalog server must have a matching securityEnabled setting in the server properties file. If these settings do not match, an exception results.

Credential authentication

Indicates if credential authentication is enforced or supported.

Never: No client credential authentication is enforced.
Required: Credential authentication is always enforced. If the server does not support credential authentication, the client cannot to connect to the server.
Supported: Credential authentication is enforced only if both the client and server support credential authentication.

Authentication retry count

Specifies the number of times that authentication gets tried again if the credential is expired.

If you do not want to try authentication again, set the value to 0.

Credential generator class

Indicates the com.ibm.websphere.objectgrid.security.plugins.CredentialGenerator implementation class, so the client retrieves the credential from the CredentialGenerator object.

You can choose from two predefined credential generator classes, or you can specify a custom credential generator. If you choose a custom credential generator, you must indicate the name of the credential generator class.

com.ibm.websphere.objectgrid.security.plugins.UserPasswordCredentialGenerator
com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenCredentialGenerator
Custom credential generator

Subject type

Specifies if you are using the J2EE caller or the J2EE runAs subject type. You must specify this value when you choose the WSTokenCredentialGenerator credential generator.

runAs: The subject contains the principal of the J2EE run as identity and the J2EE run as credential.
caller: The subject contains the principal of the J2EE caller and the J2EE caller credential.

User ID

Specify a user ID when you are using the UserPasswordCredentialGenerator credential generator implementation.

Password

Specify a password when you are using the UserPasswordCredentialGenerator credential generator implementation.

Credential generator properties

Specifies the properties for a custom CredentialGenerator implementation class. The properties are sent to the object with the setProperties(String) method. The credential generator properties value is used only when a value is specified for the Credential generator class field.