F. Add the optional DCAS client parameters (if desired).
Unlike the previous set of DCAS parameters, the following
parameters are optional. Which of these parameters you add to the
web.xml file depends on your environment and your objectives as an
administrator:
- CMPI_DCAS_TRACE_LEVEL
- This parameter specifies the trace level for the DCAS plug-in.
The trace messages are logged to the log file specified by CMPI_TRACE_LOG_FILE
parameter. Depending on your Web application server, they may or may
not be logged to the console. Trace level values include the following:
- 0 = None: No tracing. This is the default.
- 1 = Minimum: Trace APIs and parameters, return values, and errors.
- 2 = Normal: Trace Minimum plus internal APIs and parameters and informational messages.
- 3 = Maximum: Trace Normal plus Java exceptions.
Code example:<init-param> <param-name>CMPI_DCAS_TRACE_LEVEL</param-name> <param-value>3</param-value> </init-param>
- CMPI_DCAS_HOST_PORT
- The DCAS host address is determined based on the destination
host specified in the request. The default port address of 8990 is
used, but you may override it using this parameter.
Code example:
<init-param> <param-name>CMPI_DCAS_HOST_PORT</param-name> <param-value>8990</param-value> </init-param>
- CMPI_DCAS_USE_WELLKNOWN_KEYS
- This parameter defaults to false, and when it is true, it indicates
that
JSSE will use the specified truststore to look up the DCAS client
and server certificates.
Code example:
<init-param> <param-name>CMPI_DCAS_USE_WELLKNOWN_KEYS</param-name> <param-value>true</param-value> </init-param>
- CMPI_DCAS_WELLKNOWN_PASSWORD
- If you choose to replace the provided truststore
with your own, you will need to specify the password here. Place your
truststore file in the same directory where the provided version was
located.
This password should be encrypted using the encrypt password tool. For more information about the password encryption tool, refer to Password encryption tool. Code example:<init-param> <param-name>CMPI_DCAS_WELLKNOWN_PASSWORD</param-name> <param-value>tuBu9v8lHiJi1jt08UgHzA==</param-value> </init-param>
- CMPI_DCAS_VERIFY_SERVER_NAME
- This parameter indicates if the server host name in the certificate
must be verified in addition to the certificate validation. The default
is false.
Code example:
<init-param> <param-name>CMPI_DCAS_VERIFY_SERVER_NAME</param-name> <param-value>false</param-value> </init-param>
- CMPI_DCAS_REQUEST_TIMEOUT
- This parameter specifies the passticket request timeout in milliseconds.
It should be less than the Z and I Emulator for Web macro time-out value. The
default is 50000.
Code example:
<init-param> <param-name>CMPI_DCAS_REQUEST_TIMEOUT</param-name> <param-value>50000</param-value> </init-param>
The CMPI_DCAS_DB_PRESERVE_WHITESPACE and CMPI_DCAS_DB_CASE_SENSITIVE parameters are not used for Certificate-based Web Express Logon. |
- CMPI_DCAS_DB_PRESERVE_WHITESPACE
- This parameter indicates whether to trim white spaces from the
credential request parameters or not. If true, the white spaces are
not trimmed. The default is false.
Code example:
<init-param> <param-name>CMPI_DCAS_DB_PRESERVE_WHITESPACE</param-name> <param-value>false</param-value> </init-param>
- CMPI_DCAS_DB_CASE_SENSITIVE
- This parameter specifies whether or not the DCAS plug-in converts
the application ID and network ID of the user to lowercase characters
and then uses the lcase() method to make SQL queries to the HCM database.
This parameter should be set to true when using SQL applications that
do not support the lcase() method.
Code example:
<init-param> <param-name>CMPI_DCAS_DB_CASE_SENSITIVE</param-name> <param-value>false</param-value> </init-param>
- CMPI_DCAS_USE_DEFAULT_TRUSTSTORE
- This parameter indicates that JSSE should use the default truststore to lookup the DCAS certificates. This parameter is overridden by the CMPI_DCAS_USE_WELLKNOWN_KEYS parameter when CMPI_DCAS_USE_WELLKNOWN_KEYS is set to true. The default is false.
- CMPI_DCAS_NO_FIPS
- This parameter indicates that the FIPS security provider should not be used. The default security provider will be used instead. The default is false.