Server connection properties

To access a data source outside of the appliance, define the properties of the server.

The Server Connection properties table describes the properties on the Server Connections panel for the Advanced Access Control and Federation module activation levels.

  • Advanced Access Control: Configure LDAP, database, web service, or Cloud Identity server connections so that you can set up policy information points. You can configure any of the server connection types.
  • Federation: Configure an LDAP server as an attribute source for attribute mapping. Federation does not configure any of the other database server connection types.
Table 1. Server Connection properties

Name
    Specifies the name for the server connection. Ensure that the name is unique. Select this name when you define the policy information point.
    Note: The server connection name must begin with an alphabetic character. Do not use control characters, leading or trailing blanks, or any of the following special characters anywhere in the name: ~ ! @ # $ % ^ & * ( ) + | ` = \ ; " ' < > ? , [ ] { } /

Description
    Describes the server connection. This property is optional.

Type
    Shows the server connection type. (Read only)

JNDI ID (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the JNDI ID that the server uses. Ensure that the ID is unique. Use only alphanumeric characters: a-z, A-Z, 0-9.

Set the connection by using the full URL (Oracle only)
    Indicates that the connection to the database is set as the full JDBC URL.

Set the connection by using the server name and port (Oracle only)
    Indicates that the connection to the database is set by specifying the server name and port.

Server name (Oracle, DB2, PostgreSQL, MSSQL, SMTP only)
    Specifies the name or IP address of the server.

Port (Oracle, DB2, PostgreSQL, MSSQL, LDAP, SMTP, Redis only)
    Specifies the port number on which the connection to the server can be made.

URL (Oracle only)
    Specifies the JDBC URL at which the connection to the database can be made.

URL (Web Service only)
    Specifies the URL at which the connection to the server can be made.

Master Name (Redis-Sentinel only)

User name (Oracle, DB2, PostgreSQL, MSSQL, SMTP, and Web Service only)
    Specifies the user name that has the correct permissions to access the resources.

Password (Oracle, DB2, PostgreSQL, MSSQL, SMTP, and Web Service only)
    Specifies the password used to access the server.

SSL
    Specifies whether SSL is used for connecting to the server. Select True or False. The default value is True.

Driver type (Oracle only)
    Specifies the driver type. Select Thin or OCI. The default value is Thin.

Service name (Oracle only)
    Specifies the name of the service.

Database name (DB2, PostgreSQL, MSSQL only)
    Specifies the name of the database.

Host name (LDAP and Redis only)
    Specifies the host name or IP address of the LDAP or Redis server.
    For Redis-Sentinel, select the Servers tab to specify the servers.

Bind DN (LDAP only)
    Specifies the LDAP distinguished name (DN) that is used when binding, or signing on, to the LDAP server.
    Note: If this value is set to "anonymous", the appliance uses an anonymous bind to the LDAP directory server. Typically the bind-dn has significant privileges so that it can be used to modify LDAP registry entries, such as creating users and resetting passwords via pdadmin or the Registry Direct Java API. An anonymous connection to LDAP typically comes with very limited access: at most search and view of entries, and possibly no access at all. If anonymous access has sufficient privileges, it might be usable for the WebSEAL level of access on users and groups. This access includes the permission for a user to change password if "bind-auth-and-pwdchg = yes" is set ("ldap.bind-auth-and-pwdchg = true" for the Registry Direct Java API).

Bind Password (LDAP only)
    Specifies the password for the LDAP bind DN.
    Note: If bind DN (bind-dn) is set to anonymous, you can use any non-empty string as the value of bind password (bind-pwd).

Administration hostname (Cloud Identity only)
    Specifies the administration hostname of the Cloud Identity subscription.

Client ID (Cloud Identity only)
    Specifies the client ID of an API Client on Cloud Identity.

Client Secret (Cloud Identity only)
    Specifies the client secret of an API Client on Cloud Identity.

SSL Truststore (LDAP, Web Service, Cloud Identity, and Redis only)
    Specifies the truststore that verifies the server's credentials.

SSL Mutual Authentication Key (LDAP, Web Service, Cloud Identity, Redis only)
    Label of the client certificate to be presented when connecting to the server. This property is sourced from SSL Truststore.
    Note: This field is required only if mutual SSL authentication is required by the server.

Connection URL (SMS Gateway only)
    The URL of the SMS Gateway to which the phone number of the user and the one-time password are sent. Must include the protocol.

Basic Authentication User Name (SMS Gateway only)
    The user name that is used in HTTP Basic authentication.
    SMS Delivery does not use HTTP Basic authentication if this configuration is not specified.

Basic Authentication Password (SMS Gateway only)
    The password that is used in HTTP Basic authentication.
    SMS Delivery does not use HTTP Basic authentication if this configuration is not specified.

HTTPS Trust Store (SMS Gateway only)
    The keystore that validates the SMS Gateway SSL certificate.
    This configuration must be specified only when SMS Delivery communicates with the SMS Gateway by using HTTPS.

Client Authentication Key (SMS Gateway only)
    The certificate that is used as the client certificate in SSL client authentication.
    SMS Delivery does not use SSL client authentication if this configuration is not specified.

HTTP Request Parameters (SMS Gateway only)
    The list of name and value pairs that is included in the body of the HTTP POST request to the SMS Gateway. In each pair, the name and the value are separated by an equal sign.
    Two macros, $DEST_NO$ and $MSG$, are replaced with the phone number of the user and the content of the SMS. These two macros can be used only as values in a name and value pair, never as names.

Success HTTP Return Code (SMS Gateway only)
    The response code that the SMS Gateway returns to acknowledge that the request was processed successfully.
    The default SuccessHTTPReturnCode, which is 200, is used when this configuration is not specified.

Success HTTP Response Body Regex Pattern (SMS Gateway only)
    Defines the Java™ regular-expression pattern that is matched against the HTTP response body the SMS Gateway returns. When the match is successful, the SMS delivery is treated as successful.
    The default value is empty.
    By default the HTTP response body is not matched against any Java regular expression; the success or failure decision is based on the SuccessHTTPReturnCode value only.

Instance Name (MSSQL only)
    The database instance name to connect to.

Trust server certificate (MSSQL only)
    Specifies whether the driver validates the server TLS/SSL certificate.
    Note: For information on SSL configuration, see Configuring SSL connections.
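The SMS Gateway settings above (Connection URL with mandatory protocol, $DEST_NO$/$MSG$ macro expansion in parameter values, Success HTTP Return Code defaulting to 200, and the optional body regex) combine into a single delivery decision. The following is an added illustration of that decision logic, not appliance code: the dictionary keys, the function names and the transport callback are this example's own, the gateway URL is a constructed placeholder, and Python's re.search stands in for the Java regex match because the page does not state whether a full match is required.

```python
import re
from urllib.parse import urlencode, urlsplit

# Constructed sample of an SMS Gateway connection as described in Table 1.
# The dict keys are this example's own names, not appliance configuration keys.
SMS_GATEWAY = {
    "connection_url": "https://sms.example.invalid/send",
    "http_request_parameters": {"from": "ISVA", "to": "$DEST_NO$", "text": "$MSG$"},
    "success_http_return_code": None,   # None: fall back to the default, 200
    "success_body_regex": "",           # empty: the response body is not inspected
}

def connection_url_ok(url):
    """Connection URL must include the protocol; only http or https is accepted here."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def build_post_body(params, dest_no, msg):
    """Expand $DEST_NO$ and $MSG$ in parameter values only; names are never expanded."""
    expanded = {name: value.replace("$DEST_NO$", dest_no).replace("$MSG$", msg)
                for name, value in params.items()}
    return urlencode(expanded)   # form-encoded name=value pairs joined by '&'

def delivery_succeeded(status, body, success_code=None, body_regex=""):
    """Status code is checked first; the body regex is consulted only when configured."""
    expected = 200 if success_code is None else success_code
    if status != expected:
        return False
    if not body_regex:
        return True   # default behaviour: the decision rests on the return code alone
    # Assumption: a partial (search) match counts; the page does not say whether
    # the appliance requires the pattern to match the whole body.
    return re.search(body_regex, body) is not None

def send_otp(gateway, dest_no, otp, transport):
    """transport(url, body) -> (status, body); returns True on a successful delivery."""
    if not connection_url_ok(gateway["connection_url"]):
        raise ValueError("Connection URL must include the protocol (http or https)")
    body = build_post_body(gateway["http_request_parameters"], dest_no,
                           "Your one-time password is " + otp)
    status, resp_body = transport(gateway["connection_url"], body)
    return delivery_succeeded(status, resp_body,
                              gateway["success_http_return_code"],
                              gateway["success_body_regex"])
```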

The properties in the following table are connection manager properties. The defaults that are listed are the current known defaults. All tuning properties are optional.

Table 2. Tuning properties

Aged timeout (seconds) (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the amount of time, in seconds, before a physical connection is discarded by pool maintenance. Specify -1 to disable this timeout. The default is -1.

Connection timeout (seconds)
    Specifies the amount of time, in seconds, after which a connection attempt times out.
    For Oracle, DB2, PostgreSQL, MSSQL, and SMTP, specify -1 to disable this timeout. The default is 30 seconds.
    For LDAP, specify only integers of 1 or greater. The default is 120 seconds.
    For Redis, the default is 10 seconds.

Min Idle Size (Redis only)
    Specifies the minimum number of established connections that must be kept in the pool.

Max Idle Size (Redis only)
    Specifies the maximum number of established connections that can be kept in the pool.

Max Idle Time (seconds)
    Specifies the maximum amount of time, in seconds, after which an unused or idle connection is discarded during pool maintenance. Specify -1 to disable this timeout. The default is 1800 seconds.

Max Idle Time (seconds) (LDAP only)
    Specifies the amount of time, in seconds, after which an established connection is discarded as idle. Set this to a value lower than the connection idle timeout on the LDAP server.
    Note: This is applicable only when performing Attribute Mapping from an LDAP server.

Reap time (seconds) (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the amount of time, in seconds, between runs of the pool maintenance thread. Specify -1 to disable pool maintenance. The default is 180 seconds.

Max pool size (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the maximum number of physical connections for a pool. Specify 0 for unlimited. The default is 50.

Max pool size (LDAP and Redis only)
    Specifies the maximum number of connections that are pooled.
    Note: This is applicable only when performing Attribute Mapping from an LDAP server.

Min pool size (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the minimum number of physical connections to maintain in a pool. The aged timeout can override the minimum.

Purge policy (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies which connections to delete when a stale connection is detected in the pool. Select from the following options:
    Entire pool
        When a stale connection is detected, all connections in the pool are marked stale and are closed once they are no longer in use. This is the default option.
    Failing connection only
        When a stale connection is detected, only the connection that was found to be bad is closed.
    Validate all connections
        When a stale connection is detected, all connections are tested and the ones that are found to be bad are closed.

Max connections per thread (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the limit of open connections on each thread.

Cache connections per thread (Oracle, DB2, PostgreSQL, MSSQL only)
    Specifies the number of cached connections for each thread.

Idle Timeout (seconds) (Redis only)
    Specifies the amount of time, in seconds, after which an established connection is discarded as idle. The default is 1800 seconds.

IO Timeout (seconds) (Redis only)
    Specifies the amount of time, in seconds, that the client waits for a response from the server on an established connection before the connection is discarded as idle.