Default connection server settings
| Setting | Description |
|---|---|
| Location | The host name or IP address of the endpoint that forms the connection. |
| Port | The port on which to connect to the host system. Defaults to the default HTTPS port of 443. Needs to be specified only if the connection is to be made to a different port. |
| Distinguished Name | The certificate DN that is presented to Cloud Identity Service when connections to the application server are established. This field can be used to enhance security by allowing Cloud Identity Service to verify the certified identity of the server before a connection to it is established. |
| Virtual Host | The HTTP Host header that is transmitted to the application server with the web requests. For HTTP version 1.1 compliant web servers, this header can be required to route the requests to the appropriate virtual host configuration. Note: Only required if the virtual host name differs from the value that is provided in the Location field. |
| Query Script Path | The location of the Query Contents tool that can optionally be installed on a client application server. The Query Contents tool allows Cloud Identity Service to inspect its web-space and represent it via the path object hierarchy that is displayed in the Connection Object Space panel. If not specified, this value defaults to /cgi-bin/query_contents. |
| Case sensitive URLs | Controls whether Cloud Identity Service treats URLs as case-insensitive when an authorization check is performed on a request to a connection host. After a successful ACL check, the original case of the URL is restored when the request is sent to the server. |
| Win32 support | Controls whether Cloud Identity Service performs authorization checks against legacy Windows file paths. Cloud Identity Service performs security checks on client requests to connection hosts based on the file paths that are specified in the URL. A compromise in this security check can occur because Win32 file systems allow two different methods for accessing long file names. The first method acknowledges the entire file name, for example, abcdefghijkl.txt. The second method recognizes the old 8.3 file name format for compatibility with earlier versions, for example, abcdef~1.txt. When you add a connection host in a Windows environment, it is important to restrict access control to one object representation only. This restriction is to prevent the possibility of back door access that bypasses the security mechanism. For this reason, the Win32 support option provides a number of measures of protection. |
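
The Win32 support and Case sensitive URLs rows both come down to one rule: authorize against a single canonical form of the path. The following Python sketch is an added example, not Cloud Identity Service code; the `PROTECTED` policy, the function names and the sample paths are constructed for illustration. It compares a raw string match with a check that case-folds the path and refuses 8.3 alias segments.

```python
import re
from urllib.parse import unquote

# Constructed policy for illustration: objects that must not be served.
PROTECTED = ["/docs/abcdefghijkl.txt", "/private/"]

# 8.3 alias segment: base of at most 8 characters ending in ~<digits>,
# followed by an optional extension of at most 3 characters.
SHORT_NAME = re.compile(r"^(?=[^.]{1,8}(?:\.|$))[^.~]{1,6}~\d+(?:\.[^.]{0,3})?$")

def naive_check(path):
    """Compare the raw path against the policy, one representation only."""
    return "deny" if any(path.startswith(p) for p in PROTECTED) else "permit"

def hardened_check(path, case_insensitive=True):
    """Canonicalize first, and refuse any segment that is an 8.3 alias."""
    decoded = unquote(path).replace("\\", "/")
    if case_insensitive:
        decoded = decoded.casefold()
    for segment in decoded.split("/"):
        if SHORT_NAME.match(segment):
            # Without asking the file system, the long name behind this
            # alias is unknown, so no ACL decision can be trusted.
            return "reject"
    prefixes = [p.casefold() for p in PROTECTED] if case_insensitive else PROTECTED
    return "deny" if any(decoded.startswith(p) for p in prefixes) else "permit"

# Constructed sample requests.
SAMPLES = [
    "/docs/abcdefghijkl.txt",   # long name, matches the policy directly
    "/docs/abcdef~1.txt",       # 8.3 alias of the same file
    "/docs/ABCDEF%7E1.TXT",     # same alias, upper case and percent-encoded
    "/PRIVATE/keys.pem",        # case variant of a protected prefix
    "/docs/readme.txt",         # unprotected object
]

def compare(paths=SAMPLES):
    """Map each path to its (naive, hardened) decision."""
    return {p: (naive_check(p), hardened_check(p)) for p in paths}

if __name__ == "__main__":
    for path, (naive, hardened) in compare().items():
        print(f"{path:26} naive={naive:7} hardened={hardened}")
```

The naive check permits the alias and the case variant because neither string matches the policy entry, while the hardened check rejects or denies them.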