Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 4 Administration Server Properties File : Server Security Properties

Server Security Properties
The following properties govern how the administration server handles security.
repo.isSecurityEnabled—Optional. Default value is true.
This is the master switch for security. If its value is false, other security related properties have no meaning.
Specify whether the server is security-enabled.
If this property value is a text string set to true, the server is security-enabled. The server is always either secure or not. There is no way to programatically turn security on or off.
repo.checkSecurityOnlyOnPolicyManagement—Optional. Default value is false.
Specify whether the server checks security only on the operations that update security policies.
If this property value is a text string set to true, the server checks security only on the policy management operations that update security policies. Other operations do not get any security checked by the server.
This property is relevant only if the repo.isSecurityEnabled property is set to true for this server.
This property is for production time when replacing an old version of a legacy server with a new, secured server. Users can configure security policies first while other operations are still being served without security checked. Using the default value is strongly recommended.
repo.secureGuestPassword—Optional. Default value is an empty string.
This property must match the password for the user specified by repo.secureGuestUsername. Use this option to allow 3.x applications to access an instance of a repository 4.x or later on a secure server.
This property requires that security be enabled via the isSecurityEnabled property.
repo.secureGuestUsername—Optional. Default value is guest.
When security is enabled, this property specifies the user to use for 3.x applications. Use this option to allow 3.x applications to access an instance of a repository 4.x or later on a secure server. A client can continue accessing a project after its password has been changed until its security statement times out.
Any message received from a client that doesn't contain an authentication statement is treated with the authority of the repo.secureGuestUsername user. To create an authentication statement, the server uses repo.secureGuestUsername user with its password specified in another property of this file, repo.secureGuestPassword.
The repo.secureGuestUsername user must be explicitly defined in the security policy backend with its password specified by repo.secureGuestPassword.
It is perfectly valid for the secureGuestUsername user not to exist. Such a situation completely blocks access to unauthenticated users for all instances maintained by that server. Similarly, the secureGuestUserId user must be explicitly granted access rights in the same way any other user would be granted rights.
There are no automatic rights, nor are there any limits to the rights granted. All unauthenticated users share the same privileges.
This property requires that security be enabled be enabled via the isSecurityEnabled property.
repo.secureUsername—Optional. Name of the user with full Administrator privileges.
This is the user specified as the domain administrator for the administration domain when it was created. The domain administrator can use the TIBCO Administrator user management module to specify additional users with full Administrator privileges.
This property is meaningful only when repo.isSecurityEnabled property is set to true.
repo.securePassword—Optional. Password for the username specified in the repo.secureUsername property.
This is the password specified for the domain administrator for the administration domain. This property is meaningful only when repo.isSecurityEnabled property is set to true.
repo.secureStatementDuration—Optional. Default value is 3600.
The number of seconds a security statement generated by a server is valid for a given client. Clients automatically renew their security statements when they expire.
repo.isRepoNavigatorEnabled—Optional. Enables the use of the Repository Navigator.
When set (repo.isRepoNavigatorEnabled=true) the repository instances on the server can be viewed using the URL: http://host:port/administrator/repo.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved