Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Remote Tuxedo Access Points: Security

Configuration Options     Related Tasks     Related Topics

Use this page to define the security configuration of a remote Tuxedo access point that will be used with this WTC Service.

Access Control Lists (ACLs) limit the access to local services within a local Tuxedo access point by restricting the remote Tuxedo access points that can execute these services. Inbound policy from a remote Tuxedo access point is specified using the AclPolicy element. Outbound policy towards a remote Tuxedo access point is specified using the CredentialPolicy element. This allows WebLogic Server and Tuxedo applications to share the same set of users, and the users are able to propagate their credentials from one system to the other. WebLogic Tuxedo Connector provides the following AppKey Generator plug-ins to provide user security information to Tuxedo:

Configuration Options

Name Description
ACL Policy

The inbound access control list (ACL) policy toward requests from a remote Tuxedo access point.

The allowed values are:

  • LOCAL: The local Tuxedo access point modifies the identity of service requests received from a given remote Tuxedo access point to the principal name specified in the local principal name for a given remote Tuxedo access point.

  • GLOBAL: The local Tuxedo access point passes the service request with no change in identity.

Note: If Interoperate is set to Yes, AclPolicy is ignored.

MBean Attribute:
WTCRemoteTuxDomMBean.AclPolicy

Credential Policy

The outbound access control list (ACL) policy toward requests to a remote Tuxedo access point.

The allowed values are:

  • LOCAL: The remote Tuxedo access point controls the identity of service requests received from the local Tuxedo access point to the principal name specified in the local principal name for this remote Tuxedo access point.

  • GLOBAL: The remote Tuxedo access point passes the service request with no change.

Note:If Interoperate is set to Yes, CredentialPolicy is ignored.

MBean Attribute:
WTCRemoteTuxDomMBean.CredentialPolicy

Min Encryption Level

The minimum encryption key length (in bits) this remote Tuxedo access point uses when establishing a session connection. A value of 0 indicates no encryption is used.

Value Restrictions:

  • The MinEncrypBits value must be less than or equal to the MaxEncrypBits value.

  • A MinEncrypBits value of 40 can be used only with domains running Tuxedo 7.1 or higher.

MBean Attribute:
WTCRemoteTuxDomMBean.MinEncryptBits

Secure value: 40

Max Encryption Level

The maximum encryption key length (in bits) this remote Tuxedo access point uses when establishing a session connection. A value of 0 indicates no encryption is used.

Value Restrictions:

  • The value of the MaxEncryptBits attribute must be greater than or equal to the value of the MinEncrypBits attribute.

  • A MaxEncryptBits of 40 can be used only with domains running Tuxedo 7.1 or higher.

MBean Attribute:
WTCRemoteTuxDomMBean.MaxEncryptBits

Allow Anonymous

Specifies whether the anonymous user is allowed to access remote Tuxedo services.

Note: If the anonymous user is allowed to access Tuxedo, the default AppKey will be used for TpUsrFile and LDAP AppKey plug-ins. Interaction with the Custom AppKey plug-in depends on the design of the Custom AppKey generator.

MBean Attribute:
WTCRemoteTuxDomMBean.AllowAnonymous

Default AppKey

The default AppKey value to be used by the anonymous user and other users who are not defined in the user database if the plug-in allows them to access Tuxedo.

Note: The TpUsrFile and LDAP plug-ins do not allow users that are not defined in user database to access Tuxedo unless Allow Anonymous is enabled.

MBean Attribute:
WTCRemoteTuxDomMBean.DefaultAppKey

AppKey Generator

Specifies the type of AppKey plug-in used.

The allowed values are:

  • TpUsrFile: TpUsrFile is the default plug-in. It uses an imported Tuxedo TPUSR file to provide user security information. Previous releases of WebLogic Tuxedo Connector support this option.

  • LDAP: The LDAP plug-in utilizes an embedded LDAP server to provide user security information. The user record must define the Tuxedo UID and GID information in the description field. This functionality is not supported in previous releases of WebLogic Tuxedo Connector.

  • Custom: The Custom plug-in provides the ability to write your own AppKey generator class to provide the security information required by Tuxedo. This functionality is not supported in previous releases of WebLogic Tuxedo Connector.

MBean Attribute:
WTCRemoteTuxDomMBean.AppKey

Tp User File

The full path to the user password file containing UID/GID information. (This field is only relevant if you specify TpUsrFile as the AppKey Generator.)

Note: This file is generated by the Tuxedo tpusradd utility on the remote Tuxedo domain specified by the remote Tuxedo access point. A copy of this file must be available in your WebLogic Tuxedo Connector environment to provide correct authorization, authentication, and auditing.

MBean Attribute:
WTCRemoteTuxDomMBean.TpUsrFile

Tuxedo UID Keyword

The keyword for Tuxedo UID (User ID) used in the WlsUser when using the Tuxedo migration utility tpmigldap. This keyword is only relevant if you specify LDAP as the AppKey Generator.)

Note: The keyword is used to find Tuxedo UID in the user record in the embedded LDAP database.

MBean Attribute:
WTCRemoteTuxDomMBean.TuxedoUidKw

Tuxedo GID Keyword

The keyword for Tuxedo GID (Group ID) used in the WlsUser when using the Tuxedo migration utility tpmigldap. This field is only relevant if you specify LDAP as the AppKey Generator.)

Note: The keyword is used to find Tuxedo GID in the user record in the embedded LDAP database.

MBean Attribute:
WTCRemoteTuxDomMBean.TuxedoGidKw

Custom AppKey Class

The full pathname to the custom AppKey generator class. (This class is only relevant if you specify Custom as the AppKey Generator.)

Note: This class is loaded at runtime if the Custom AppKey generator plug-in is selected.

MBean Attribute:
WTCRemoteTuxDomMBean.CustomAppKeyClass

Custom AppKey Param

The optional parameters to be used by the custom AppKey class at the class initialization time. This class is only relevant if you specify Custom as the AppKey Generator.)

MBean Attribute:
WTCRemoteTuxDomMBean.CustomAppKeyClassParam

Related Tasks

Related Topics


Back to Top