Authenticating eXtreme Scale server connections in Liberty

Connections between eXtreme Scale servers in Liberty must be authenticated to prevent an unauthorized server from accessing the data grid.

About this task

The following settings in the server.properties file determine how servers authenticate to one another:
  • securityEnabled=true
  • secureTokenManagerType=autoSecret
  • authenticationSecret=OurGridServersExampleSecret
All of the eXtreme Scale servers in a domain, as well as all of the servers in any linked domains, must use the same values for these properties in the server.properties file, or communication fails.

Procedure

  1. Enable server-to-server authentication.
    Set the securityEnabled property to true; for example:
    securityEnabled=true
    The default value for this property is false.
  2. Establish a secure server configuration.
    One secureTokenManagerType that can be used for a secure configuration is autoSecret, which performs token encryption and signing using keys derived from the authenticationSecret. Secure tokens are used in server to server authentication and also for client single sign-on tokens. A value of none for secureTokenManagerType is not secure because this setting prevents the creation of encrypted tokens.

    You can also specify a setting of secureTokenManagerType=default. However, this option requires that you set up a keystore and related artifacts.

  3. Specify a long and encrypted authentication secret that is difficult for others to decipher.
    Do not use the ObjectGridDefaultSecret, which is the value that is used in the sampleServer.properties file.
  4. Configure the server.xml file using the same configuration that you might use for a stand-alone server configuration.
    In the server.xml file, specify the file path to the properties file in a serverProps attribute inside the xsServer element. See the following example from the server.xml file:
    <server>
    ...
    <xsServer ... serverProps="/path/to/myServerProps.properties" ... />
    </server>
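
The following script is an added example, not part of the product or its documentation. It checks the three properties from this procedure in each server's server.properties text and reports values that differ between servers. The minimum secret length, the function names, and the sample inputs are assumptions made for illustration.

```python
# Added example: audit eXtreme Scale server.properties text for the settings
# described in this topic. Not IBM code; the sample inputs are constructed.
MIN_SECRET_LEN = 20  # assumption: the topic only says "long"
SAMPLE_DEFAULT = "ObjectGridDefaultSecret"  # value in sampleServer.properties
KEYS = ("securityEnabled", "secureTokenManagerType", "authenticationSecret")

def parse_props(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_server(props):
    """Return findings for one server; secret values are never echoed."""
    findings = []
    if props.get("securityEnabled", "false").lower() != "true":
        findings.append("securityEnabled is not true (default is false)")
    mgr = props.get("secureTokenManagerType")
    if mgr not in ("autoSecret", "default"):
        findings.append(f"secureTokenManagerType={mgr!r} is not a secure setting named here")
    secret = props.get("authenticationSecret", "")
    if secret == SAMPLE_DEFAULT:
        findings.append("authenticationSecret is the sampleServer.properties value")
    elif mgr == "autoSecret" and len(secret) < MIN_SECRET_LEN:
        findings.append(f"authenticationSecret is shorter than {MIN_SECRET_LEN} characters")
    return findings

def audit_domain(servers):
    """servers maps name -> properties text; adds cross-server mismatch findings."""
    parsed = {name: parse_props(text) for name, text in servers.items()}
    report = {name: audit_server(p) for name, p in parsed.items()}
    for key in KEYS:
        if len({p.get(key) for p in parsed.values()}) > 1:
            for name in report:
                report[name].append(f"{key} differs across servers; communication fails")
    return report

if __name__ == "__main__":
    good = "securityEnabled=true\nsecureTokenManagerType=autoSecret\nauthenticationSecret=OurGridServersExampleSecret\n"
    weak = "# copied sample\nsecurityEnabled=false\nsecureTokenManagerType=none\nauthenticationSecret=ObjectGridDefaultSecret\n"
    for name, findings in audit_domain({"serverA": good, "serverB": weak}).items():
        print(name, findings or "OK")
```

Pass in the properties of every server in the domain and in any linked domains, because a mismatch in any one of them breaks communication.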

What to do next

Authenticating client requests in Liberty