[junction] stanza
- allow-backend-domain-cookies
Use the allow-backend-domain-cookies stanza entry to control whether WebSEAL sends domain cookies from a back-end server to a client. - always-send-kerberos-tokens
Indicates whether WebSEAL sends a security token for every HTTP request or whether WebSEAL waits for a 401 response before it adds the security token. - basicauth-dummy-passwd
Use the basicauth-dummy-passwd stanza entry to specify the global password for WebSEAL to use when it supplies basic authentication data over junctions that were created with the -b supply argument. - crl-ldap-server
Use the crl-ldap-server stanza entry in the [junction] stanza to specify the LDAP server that WebSEAL can contact for CRL checking during authentication across SSL junctions. - crl-ldap-server-port
Use the crl-ldap-server-port entry in the [junction] stanza to set the port number for WebSEAL to use when it communicates with the LDAP server specified in crl-ldap-server. - crl-ldap-user
Use the crl-ldap-user entry in the [junction] stanza to specify an LDAP user who has permissions to retrieve the CRL on the LDAP server that is specified in crl-ldap-server. - crl-ldap-user-password
Use the crl-ldap-user-password entry in the [junction] stanza to provide the password for the LDAP user that is specified in crl-ldap-user. - disable-local-junctions
Use the disable-local-junctions stanza entry to control whether WebSEAL serves pages from a local web server through local junctions. - disable-on-ping-failure
Use the disable-on-ping-failure stanza entry to configure the Web Reverse Proxy to return an error when HTTP requests are received for junctioned servers which are currently failing the 'ping' operation. - disable-ssl-v2
Use the disable-ssl-v2 entry in the [junction] stanza to control whether WebSEAL supports SSL version 2 for junction connections. - disable-ssl-v3
Use the disable-ssl-v3 entry in the [junction] stanza to control whether WebSEAL supports SSL version 3 for junction connections. - disable-tls-v1
Use the disable-tls-v1 entry in the [junction] stanza to control whether WebSEAL supports Transport Layer Security (TLS) version 1 for junction connections. - disable-tls-v11
Use the disable-tls-v11 entry in the [junction] stanza to control whether WebSEAL supports Transport Layer Security (TLS) version 1.1 for junction connections. - disable-tls-v12
Use the disable-tls-v12 entry in the [junction] stanza to control whether WebSEAL supports Transport Layer Security (TLS) version 1.2 for junction connections. - dont-reprocess-jct-404s
Use the dont-reprocess-jct-404s stanza entry to control whether WebSEAL reprocesses requests that fail with an HTTP 404 error by prepending the junction name to the URL. - dynamic-addresses
Use the dynamic-addresses stanza entry to control whether the junction server host name is resolved to its IP address immediately before every communication with the junction server. - dynamic-addresses-ttl
Use the dynamic-addresses-ttl stanza entry to specify the length of time (in seconds) that a resolved IP address will be cached before it is discarded and another name resolution is attempted (time-to-live). - failover-on-read
Use this entry to specify whether to retry requests to replicated junction servers or junction servers that are configured to use persistent connections when an error occurs on the initial request. - persistent-failover-on-read
When persistent connections are enabled, this entry specifies whether retries on error conditions will also be made to the same server on a different connection if a request on a particular connection fails. - gso-credential-learning
Use this entry to enable or disable the learning capability for GSO junctions. - gso-obfuscation-key
Use this stanza entry to set the key for obfuscating any passwords that are managed by the GSO RESTful web service. - http-timeout
- https-timeout
- insert-client-real-ip-for-option-r
- io-buffer-size
- jct-cert-keyfile
- jct-cert-keyfile-stash
- max-jct-read
Use the max-jct-read stanza entry to control the amount of header data WebSEAL will read from responses. - jct-nist-compliance
Use the jct-nist-compliance stanza entry to enable or disable NIST SP800-131A compliance for junction connections. - jct-ocsp-enable
- jct-ocsp-max-response-size
- jct-ocsp-nonce-check-enable
- jct-ocsp-nonce-generation-enable
- jct-ocsp-proxy-server-name
- jct-ocsp-proxy-server-port
- jct-ocsp-url
- jct-ssl-reneg-warning-rate
- jct-undetermined-revocation-cert-action
- jmt-map
- kerberos-keytab-file
Use the kerberos-keytab-file entry to set the name of the Kerberos key table file for the WebSEAL server. - kerberos-principal-name
Use the kerberos-principal-name entry to set the service principal name of the impersonating user when creating a Kerberos token. - kerberos-service-name
Use the kerberos-service-name entry to set the service principal name of the target. - kerberos-sso-enable
Use the kerberos-sso-enable entry to enable or disable SSO for junctions. - kerberos-user-identity
Use the kerberos-user-identity stanza entry to enable and define a custom user principal name (UPN). The custom UPN can be constructed from either plain text or the contents of credential attributes. - managed-cookies-list
- mangle-domain-cookies
- match-vhj-first
Helps determine the order in which WebSEAL searches for a request in a standard or a virtual host junction table. - max-cached-persistent-connections
- max-webseal-header-size
- pass-http-only-cookie-attr
- persistent-con-timeout
- ping-method
- ping-response-code-rules
Use the ping-response-code-rules configuration entry to define the rules that are used to determine whether the HTTP status code of the ping responses indicate a healthy or an unhealthy junctioned Web server. - ping-attempt-threshold
Use this entry to define the number of consecutive failed ping requests before the junctioned server will be marked as not running. - ping-time
- ping-timeout
Use this entry to set a different timeout value for the 'ping' operations. - ping-uri
- recovery-ping-time
- recovery-ping-attempt-threshold
Use this entry to define the number of consecutive successful recovery ping responses before a stopped junctioned server will be marked as running. - reprocess-root-jct-404s
- reset-cookies-list
- response-code-rules
When a response of a client-initiated request is returned from the junctioned server, the optional response-code-rules configuration entry defines the rules that are used to determine from the HTTP status code of the responses whether the junctioned Web server is in a healthy or an unhealthy state. - share-cookies
- support-virtual-host-domain-cookies
- use-new-stateful-on-error
- validate-backend-domain-cookies
- worker-thread-hard-limit
- worker-thread-soft-limit
Parent topic: Stanza reference