Object Request Broker (ORB) (orb)

Configuration for a server or client ORB. Specify either the nameService attribute for a client ORB or one or more iiopEndpoint references for a server ORB.

NameTypeDefaultDescription

id

string

A unique configuration ID.

iiopEndpointRef

List of references to top level iiopEndpoint elements (comma-separated string).

defaultIiopEndpoint

Optional IIOP Endpoint describing the ports open for this ORB

nameService

string

corbaname::localhost:2809

Optional URL for the remote name service, for example corbaname::localhost:2809

orbSSLInitTimeout

string

10

ORB SSL initialization timeout specified in seconds

clientPolicy.clientContainerCsiv2

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

clientPolicy.clientContainerCsiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

clientPolicy.clientContainerCsiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests.

NameTypeDefaultDescription

establishTrustInClient

  • Never

  • Required

  • Supported

Supported

Specify if this association option is Supported, Required, or Never used for this layer. It indicates the authentication requirements at the authentication layer.
Never
The association option must not be used
Required
The association option is required
Supported
The association option is supported

mechanisms

string
This is specified as a child element rather than as an XML attribute (maximum occurrences 2).

GSSUP

Specifies authentication mechanisms as a comma separated list. For example: GSSUP

password

Reversably encoded password (string)

The user password that is used with the user name.

user

string

The user name that is used to login to the remote server.

clientPolicy.clientContainerCsiv2 > layers > transportLayer

Configure how to trust the client.

NameTypeDefaultDescription

sslEnabled

boolean

true

Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.

sslRef

A reference to top level ssl element (string).

Specify the SSL configuration needed to establish a secure connection.

clientPolicy.csiv2

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

clientPolicy.csiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

clientPolicy.csiv2 > layers > attributeLayer

Determine the attribute layer options to be performed by the client for outgoing CSIv2 requests.

NameTypeDefaultDescription

identityAssertionEnabled

boolean

false

Indicate by true or false whether identity assertion is enabled. Default is false.

identityAssertionTypes

  • ITTAnonymous

  • ITTDistinguishedName

  • ITTPrincipalName

  • ITTX509CertChain

ITTAnonymous

Specify the supported identity token types for identity assertion.
ITTAnonymous
Assert an ITTAnonymous identity token
ITTDistinguishedName
Assert an ITTDistinguishedName identity token
ITTPrincipalName
Assert an ITTPrincipalName identity token
ITTX509CertChain
Assert an ITTX509CertChain identity token

trustedIdentity

string

The trusted identity used to assert an entity to the remote server.

trustedPassword

Reversably encoded password (string)

Specify the password that is used with the trusted identity.

clientPolicy.csiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests.

NameTypeDefaultDescription

establishTrustInClient

  • Never

  • Required

  • Supported

Supported

Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer.
Never
The association option must not be used
Required
The association option is required
Supported
The association option is supported

mechanisms

string
This is specified as a child element rather than as an XML attribute (maximum occurrences 3).

LTPA

Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA

clientPolicy.csiv2 > layers > transportLayer

Configure how to trust the client.

NameTypeDefaultDescription

sslEnabled

boolean

true

Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.

sslRef

A reference to top level ssl element (string).

Specify the SSL configuration needed to establish a secure connection.

iiopEndpoint

Optional IIOP Endpoint describing the ports open for this ORB

NameTypeDefaultDescription

host

string

localhost

IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name

id

string

A unique configuration ID.

iiopPort

int

Port for the unsecured server socket opened by this IIOP endpoint

tcpOptionsRef

A reference to top level tcpOptions element (string).

defaultTCPOptions

TCP protocol options for the IIOP endpoint

iiopEndpoint > iiopsOptions

Specification of a secured server socket opened by this IIOP endpoint

NameTypeDefaultDescription

id

string

A unique configuration ID.

iiopsPort

int
Required

Specify the port to be configured with the SSL options.

sessionTimeout

A period of time with second precision

1d

Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.

sslRef

A reference to top level ssl element (string).

The default SSL configuration repertoire. The default value is defaultSSLConfig.

sslSessionCacheSize

int

100

The maximum number of session objects that can be stored in the cache.

sslSessionTimeout

A period of time with millisecond precision

86400s

The timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

suppressHandshakeErrors

boolean

false

Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. If disabled, the message and console logs do not record handshake errors, and the trace log records handshake errors when SSL Channel tracing is on.

iiopEndpoint > tcpOptions

TCP protocol options for the IIOP endpoint

NameTypeDefaultDescription

acceptThread

boolean

false

If true, then listening ports do not share the same thread for accepting connections. Otherwise, they share the same thread.

addressExcludeList

string

A comma-separated list of addresses that are not allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000".

addressIncludeList

string

A comma-separated list of addresses that are allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000".

hostNameExcludeList

string

A comma-separated list of host names that are not allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid.

hostNameIncludeList

string

A comma-separated list of host names that are allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid.

inactivityTimeout

A period of time with millisecond precision

60s

Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

maxOpenConnections

int

128000

Defines the maximum number of connections allowed to be open on this endpoint.

portOpenRetries

int
Min: 0
Max: 100000

0

Number of retries to open a TCP/IP port during server startup. There will be a one second delay between retries, until the opening is successful or the port open retry number is reached.

soReuseAddr

boolean

true

Enables immediate rebind to a port with no active listener.

waitToAccept

boolean

false

Queries whether this TCP Channel will delay accepting connections until the server starts. If false, connections are closed until the server starts. If true, the value for the acceptThread tcpOption is also set to true, and connections are delayed until the server starts.

serverPolicy.csiv2

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

serverPolicy.csiv2 > layers

Specify the CSIv2 layers like transport, authentication, and attribute.

serverPolicy.csiv2 > layers > attributeLayer

Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests.

NameTypeDefaultDescription

identityAssertionEnabled

boolean

false

Indicate by true or false whether identity assertion is enabled. Default is false.

identityAssertionTypes

  • ITTAnonymous

  • ITTDistinguishedName

  • ITTPrincipalName

  • ITTX509CertChain

ITTAnonymous

Specify the supported identity token types for identity assertion.
ITTAnonymous
Assert an ITTAnonymous identity token
ITTDistinguishedName
Assert an ITTDistinguishedName identity token
ITTPrincipalName
Assert an ITTPrincipalName identity token
ITTX509CertChain
Assert an ITTX509CertChain identity token

trustedIdentities

string

Specify a pipe (|)-separated list of server identities, which are trusted to perform identity assertion to this server. A value of “*” is also accepted to indicate implicit trust (trust anyone).

serverPolicy.csiv2 > layers > authenticationLayer

Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests.

NameTypeDefaultDescription

establishTrustInClient

  • Never

  • Required

  • Supported

Required

Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer.
Never
The association option must not be used
Required
The association option is required
Supported
The association option is supported

mechanisms

string
This is specified as a child element rather than as an XML attribute (maximum occurrences 3).

LTPA

Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA

serverPolicy.csiv2 > layers > transportLayer

Configure how to trust the client.

NameTypeDefaultDescription

sslEnabled

boolean

true

Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP.

sslRef

A reference to top level ssl element (string).

Specify the SSL configuration needed to establish a secure connection.