Authenticating eXtreme Scale server connections in the OSGi framework

Connections between eXtreme Scale servers in the OSGi framework must be authenticated to prevent an unauthorized server from accessing the data grid.

Before you begin

You must install the OSGi framework before you secure the data grid. For more information, see Installing the Eclipse Equinox OSGi framework with Eclipse Gemini for clients and servers.

About this task

The following settings in the server.properties file determine how servers authenticate to one another:
  • securityEnabled=true
  • secureTokenManagerType=autoSecret
  • authenticationSecret=OurGridServersExampleSecret
All of the eXtreme Scale servers in a domain, as well as all of the servers in any linked domains, must use the same values for these properties in the server.properties file, or communication fails.

Procedure

  1. Enable server-to-server authentication.
    Set the securityEnabled property to true in the server properties file; for example:
    securityEnabled=true
    The default value for this property is false.
  2. Establish a secure server configuration.
    One secureTokenManagerType value that can be used for a secure configuration is autoSecret, which encrypts and signs tokens using keys derived from the authenticationSecret value. Secure tokens are used in server-to-server authentication and also for client single sign-on tokens. A value of none for secureTokenManagerType is not secure because this setting prevents the creation of encrypted tokens.

    You can also specify a setting of secureTokenManagerType=default. However, this option requires that you set up a key store and related artifacts.

  3. Specify a long string value for the authenticationSecret property.
    This value should be difficult for others to guess. You can encode this value using the FilePasswordEncoder utility. Do not use ObjectGridDefaultSecret, which is the value that is used in the sampleServer.properties file.
  4. Reference the server properties file.
    Create a managed service persistent identifier (PID) for the server properties file in the OSGi console by running the following commands:
    osgi> cm create com.ibm.websphere.xs.server
    osgi> cm put com.ibm.websphere.xs.server objectgrid.server.props /mypath/server.properties
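
As an added example (not part of the product documentation or any IBM code), the following Python script audits server.properties content against the settings in this procedure and reports properties whose values differ between servers. The sample file contents, the function names and the 20-character minimum length are assumptions made for illustration.

```python
# Added example: audit server.properties content against the settings on this page.
KNOWN_SECRETS = {
    "ObjectGridDefaultSecret",      # value used in sampleServer.properties (per the page)
    "OurGridServersExampleSecret",  # example value shown on this page
}
MIN_SECRET_LEN = 20  # assumption: the page says "long" but gives no number
KEYS = ("securityEnabled", "secureTokenManagerType", "authenticationSecret")

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings for one server's properties."""
    findings = []
    if props.get("securityEnabled", "false").lower() != "true":
        findings.append("securityEnabled is not true (the default is false)")
    manager = props.get("secureTokenManagerType")
    if manager is None:
        findings.append("secureTokenManagerType is not set")
    elif manager.lower() == "none":
        findings.append("secureTokenManagerType=none creates no encrypted tokens")
    secret = props.get("authenticationSecret", "")
    if manager == "autoSecret" and not secret:
        findings.append("authenticationSecret is missing")
    elif secret in KNOWN_SECRETS:
        findings.append("authenticationSecret is a published sample value")
    elif secret and len(secret) < MIN_SECRET_LEN:
        findings.append("authenticationSecret is shorter than %d characters" % MIN_SECRET_LEN)
    return findings

def mismatched_keys(servers):
    """Keys whose values differ between servers; any mismatch breaks communication."""
    return [k for k in KEYS if len({p.get(k) for p in servers.values()}) > 1]

# Constructed sample inputs, not real configuration.
SERVER_A = "securityEnabled=true\nsecureTokenManagerType=autoSecret\nauthenticationSecret=c0nstructed-sample-value-not-a-real-secret\n"
SERVER_B = "# copied from the sample file\nsecurityEnabled=true\nsecureTokenManagerType=none\nauthenticationSecret=ObjectGridDefaultSecret\n"

if __name__ == "__main__":
    servers = {"A": parse_properties(SERVER_A), "B": parse_properties(SERVER_B)}
    for name, props in servers.items():
        print(name, audit(props) or "ok")
    print("differs between servers:", mismatched_keys(servers))
```

The comparison against the sample values only matches a plain-text secret; a value that has been encoded with the FilePasswordEncoder utility is treated as an opaque string.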

What to do next

Authenticating client requests in the OSGi framework