IIOP Server Policies (iiopServerPolicies)

Configuration for IIOP server policies

Name	Type	Default	Description
id	string		A unique configuration ID.

Name

Type

Default

Description

string

A unique configuration ID.

serverPolicy.csiv2

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.

Name

Type

Default

Description

string

A unique configuration ID.

serverPolicy.csiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

serverPolicy.csiv2 > layers > attributeLayer

Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests.

Name	Type	Default	Description
identityAssertionEnabled	boolean	false	Indicate by true or false whether identity assertion is enabled. Default is false.
identityAssertionTypes	ITTAnonymous ITTDistinguishedName ITTPrincipalName ITTX509CertChain	ITTAnonymous	Specify the supported identity token types for identity assertion. ITTAnonymous Assert an ITTAnonymous identity token ITTDistinguishedName Assert an ITTDistinguishedName identity token ITTPrincipalName Assert an ITTPrincipalName identity token ITTX509CertChain Assert an ITTX509CertChain identity token
trustedIdentities	string		Specify a pipe (\|)-separated list of server identities, which are trusted to perform identity assertion to this server. A value of “*” is also accepted to indicate implicit trust (trust anyone).

Name

Type

Default

Description

identityAssertionEnabled

boolean

false

Indicate by true or false whether identity assertion is enabled. Default is false.

identityAssertionTypes

ITTAnonymous
ITTDistinguishedName
ITTPrincipalName
ITTX509CertChain

ITTAnonymous

Specify the supported identity token types for identity assertion.
ITTAnonymous
Assert an ITTAnonymous identity token
ITTDistinguishedName
Assert an ITTDistinguishedName identity token
ITTPrincipalName
Assert an ITTPrincipalName identity token
ITTX509CertChain
Assert an ITTX509CertChain identity token

trustedIdentities

string

Specify a pipe (|)-separated list of server identities, which are trusted to perform identity assertion to this server. A value of “*” is also accepted to indicate implicit trust (trust anyone).

serverPolicy.csiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests.

Name	Type	Default	Description
establishTrustInClient	Never Required Supported	Required	Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer. Never The association option must not be used Required The association option is required Supported The association option is supported
mechanisms	string This is specified as a child element rather than as an XML attribute (maximum occurrences 3).	LTPA	Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA

Name

Type

Default

Description

establishTrustInClient

Never
Required
Supported

Required

Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer.
Never
The association option must not be used
Required
The association option is required
Supported
The association option is supported

mechanisms

string
This is specified as a child element rather than as an XML attribute (maximum occurrences 3).

LTPA

Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA

serverPolicy.csiv2 > layers > transportLayer

Configure how to trust the client.

Name	Type	Default	Description
sslEnabled	boolean	true	Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.
sslRef	A reference to top level ssl element (string).		Specify the SSL configuration needed to establish a secure connection.

Name

Type

Default

Description

sslEnabled

boolean

true

Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.

sslRef

A reference to top level ssl element (string).

Specify the SSL configuration needed to establish a secure connection.