Security Token Files
When a security domain requestor uses a security token file to connect to a metaspace, ActiveSpaces uses the contents of the security token to:
- Restrict the metaspaces to which a security domain requestor can connect.
- Ensure the identity of the security domain controller.
- Determine the level of transport security the security domain requestor should use for TCP communication.
The same token file can be shared by different security domain requestors. If you use the same token file for different requestors, consider the following:
- Creating a Security Token File
You generate a security token file from an existing security policy file using the Admin CLI.
- Limiting Metaspace Access
Typically, you do not need to edit a security token file. The one case where you might want to edit a security token file is when a security domain is associated with more than one metaspace, but you want to make sure that a security token file can only be used to connect to a specific metaspace.
- Validating a Security Token File
You validate security token files using the Admin CLI. After you have finished generating or editing a security token file, you should validate it before you try to use it. The following example shows the Admin CLI command to validate a security token file:
- Security Token File Keys and Certificates
When you generate a security token file from a security policy file, the public certificate of the domain identity in the security policy file is copied to the security token file. When a security domain requestor attempts to connect to a metaspace using the security token file, the connection fails if the public certificate in the security token file does not match the security domain controller's identity certificate.
- Metaspace Access List
Each domain defined in a security policy file contains a Metaspace Access List. The Metaspace Access List restricts the security behavior defined by the settings for its security domain to only those metaspaces specified in the list. A metaspace can only belong to one security domain.
Copyright © Cloud Software Group, Inc. All rights reserved.